The Cybersecurity Maturity Model Certification (CMMC), version 2.0, is on pace to be finalized sooner than expected. That means Department of Defense (DoD) contractors who need to be compliant with CMMC to bid on these contracts suddenly have a smaller window to get their ducks in order.   

The DoD is working to establish Cybersecurity Maturity Model Certification, version 2.0. The Cyber AB – formerly known as the Cybersecurity Maturity Model Accreditation Body, recently released a pre-decisional draft of the CMMC Assessment Process (CAP) at the end of July.  

Although it is not yet endorsed by the DoD, contractors should get ready for this proposed process for assessing the implementation of cybersecurity measures.   

CMMC 2.0 is expected to have three levels for certificates:  

  • Level 1 (foundational) – This level is for contractors handling Federal Contract Information (FCI). This is for general contractors that do not have any Controlled Unclassified Information (CUI). It is estimated between 120,000 and 140,000 contractors need this level.   
  • Level 2 (advanced) – This level is for contractors handling CUI.  About 80,000 businesses will need this level.   
  • Level 3 (expert) – This level is for contractors handling the highest priority programs with CUI. Right now, only about 400 to 500 organizations need to meet Level 3 requirements.  
  • The draft CAP currently is structured to apply to CMMC Level 2 certifications.   

The draft CAP describes the CMMC doctrine and provides the overarching procedures and guidance for CMMC Third-Party Assessment Organizations (C3PAOs) that will assess organizations seeking CMMC certification.   

The draft CAP provides four phases for the assessment:  

  1. Plan and prepare the assessment 
  2. Conduct the assessment 
  3. Report assessment results  
  4. Closeout plan of action and milestones and assessment 

C3PAOs started conducting four voluntary assessments using the draft CAP in August. If you are an organization hoping to bid on or renew contracts in early 2023, and you have not already started your CMMC 2.0 compliance journey, now is the time to get certified at the appropriate CMMC level for those contracts.  

Whether you are up to date with your compliance with CMMC or just getting started, 2W Tech can help. We have a robust Cybersecurity Compliance Program designed to help our clients comply with all regulations related to their industry. Contact us today to learn more.    

Read More:

Is There a New Normal in Supply Chain?

HITRUST Selected for TEFCA Security Certification

Back to IT News