CMMC 2.0 Simplifies Compliance

The Department of Defense released CMMC 2.0 a few months ago. This new CMMC model streamlines the certification process and eased security regulations for contractors and subcontractors that handle low-priority information.  

The original version of the Cybersecurity Maturity Model Certification program called for all Department of Defense contractors and subcontractors to take on the mandatory third-party assessments of their cybersecurity procedures, which would have significantly raised the price of compliance. The independent certification requirement would have applied to all external firms throughout the industry, regardless of their role or the sensitivity of the information they handled.

This aspect of the regulation has been downgraded in Cybersecurity Maturity Model Certification 2.0 to only apply to contractors handling the most sensitive information. After a six-month internal review, CMMC 1.0 was determined to be impractical to comply with. This was largely attributed to the universal third-party assessment requirement, which would have created a backlog at assessment agencies inundated with request. That backlog would extend the time needed to implement the new standard significantly.  

Cybersecurity Maturity Model Certification’s critics also complained that the original version of CMMC priced out smaller firms from bidding on DoD contracts because of the excessive costs associated with compliance with Cybersecurity Maturity Model Certification.   

CMMC 2.0 replaced the original versions five-tier grading system with a straightforward approach to categorizing the type of information being handled by each organization. These five tiers were consolidated into three: foundational, advanced, and expert.   

Where did your company stand with Cybersecurity Maturity Model Certification before its simplification? Whether you are up to date with your compliance with CMMC or just getting started, 2W Tech can help. We have a robust Cybersecurity Compliance Program designed to help our clients comply with all regulations related to their industry. Contact us today to learn more.   

Read More:

Epicor ERP Adds Low-Code Business Intelligence Tool

Where is the Future of IIoT Headed?