What CMMC 2.0 Means for your Business

CMMC 2.0 has streamlined CMMC and brought it in line with existing federal cybersecurity standards. This will result in benefits for many government contractors.

When CMMC 2.0 was announced on November 11th, 2021, most DoD contractors breathed sighs of relief. CMMC 2.0 addressed many of the industry's concerns about the original CMMC. These initial concerns included high costs for small businesses, complex security requirements, and potential conflicts of interest.

What is new with CMMC 2.0?

CMMC 2.0 Model
  • There are now only three CMMC levels in total
  • Levels 2 and 4 of the old CMMC model have been eliminated
  • Security requirements or “practices” that were unique to the old CMMC model have been limited
  • Maturity processes (e.g., AC.2.999) from the old CMMC model are gone
  • The new CMMC levels are level 1 “Foundational”, level 2 “Advanced”, and level 3 “Expert”
  • Companies with CMMC level 1 requirements will no longer require a third-party assessment; instead, they will be required to complete an annual self-assessment
  • Companies with CMMC level 2 requirements who have “critical national security information” will undergo triennial third-party self-assessments or annual self-assessments for “select programs”
  • Companies with CMMC level 3 requirements will undergo triennial government-led assessments
  • CMMC level 2 requirements now align directly with NIST SP 800-171
  • CMMC level 3 will be based on a subset of NIST SP 800-172 requirements

What CMMC 2.0 Likely Means for Contractors

  • Reduced costs because a third-party assessment may not be required for as many contractors
  • Reduced costs because the number of security requirements has been reduced
  • Security requirements are easier to meet as “maturity levels” have been eliminated from CMMC
 
