Introducing the CMMC 2.0 Framework
Earlier this month, CMMC 2 guidelines were introduced. CMMC 2 is positioned to replace the original CMMC guidelines and to act as an incremental milestone for defense contractors to address. These enhanced guidelines will maintain the program’s original goal of safeguarding sensitive information, but also build on them.
Some highlights include:
- Streamlining the model from 5 to 3 compliance levels
- Simplifying the CMMC standard and providing additional clarity on cybersecurity regulatory, policy, and contracting requirements
- Using National Institute of Standards and Technology (NIST) cybersecurity standards and third-party assessment requirements on companies supporting the highest priority programs
- Increasing Department oversight of professional and ethical standards in the assessment ecosystem
- Allowing all companies at Level 1 (Foundational) and a subset of companies at Level 2 (Advanced) to demonstrate compliance through self-assessments
The changes reflected in CMMC 2.0 will be implemented through the rulemaking process. Companies will be required to comply once the forthcoming rules go in effect. The rulemaking process and timelines can take 9-24 months.
If you need help understanding and implementing the requirements of CMMC 2.0, let us help. 2W Tech is a technology service provider specializing in solutions for the manufacturing industry. We have IT Consultants on staff that are experts in Cyber Defense and Cyber Security and would be happy to help you with your compliance regulations.