How is CMMC 2.0 Different from CMMC 1.0

May 1, 2023 | Blog

STREAMLINED. FLEXIBLE. SECURE.

To safeguard sensitive national security information, the Department of Defense (DoD) launched CMMC 2.0, a comprehensive framework to protect the defense industrial base from increasingly frequent and complex cyberattacks.

With its streamlined requirements, CMMC 2.0:

History:- In September 2020, the DoD published an interim rule to the DFARS in the Federal Register (DFARS Case 2019-D041), which implemented the DoD’s initial vision for the CMMC program (“CMMC 1.0”) and outlined the basic features of the framework (tiered model, required assessments, and implementation through contracts). The interim rule became effective on November 30, 2020, establishing a five-year phase-in period.

In March 2021, the Department initiated an internal review of CMMC’s implementation, informed by more than 850 public comments in response to the interim DFARS rule. This comprehensive, programmatic assessment engaged cybersecurity and acquisition leaders within DoD to refine policy and program implementation.

In November 2021, the Department announced “CMMC 2.0,” an updated program structure and requirements designed to achieve the primary goals of the internal review:

  • Safeguard sensitive information to enable and protect the warfighter
  • Dynamically enhance DIB cybersecurity to meet evolving threats
  • Ensure accountability while minimizing barriers to compliance with DoD requirements
  • Contribute towards instilling a collaborative culture of cybersecurity and cyber resilience
  • Maintain public trust through high professional and ethical standards

1) Streamlined Model:-

  • Focused on the most critical requirements:
  • Streamlines the model from 5 to 3 compliance levels
  • Aligned with widely accepted standards: Uses National Institute of Standards and Technology (NIST) cybersecurity standards

2) Reliable Assessments

  • Reduced assessment costs: Allows all companies at Level 1 (Foundational), and a subset of companies at Level 2 (Advanced) to demonstrate compliance through self-assessment
  • Higher accountability: Increases oversight of professional and ethical standards of third-party assessors

3) Flexible Implementation

  • Spirit of collaboration: Allows companies, under certain limited circumstances, to make Plans of Action & Milestones (POA&Ms) to achieve certification
  • Added flexibility and speed: Allows waivers to CMMC requirements under certain limited circumstances

So When do the Changes take effect?

The changes reflected in CMMC 2.0 will be implemented through the rulemaking process. Companies will be required to comply once the forthcoming rules go into effect. The Department intends to pursue rulemaking both in Part 32 of the Code of Federal Regulations (C.F.R.) as well as in the Defense Federal Acquisition Regulation Supplement (DFARS) in Part 48 of the C.F.R. Both rules will have a public comment period. Stakeholder input is critical to meeting the objectives of the CMMC program, and the Department will actively seek opportunities to engage stakeholders as it drives towards full implementation.

While these rulemaking efforts are ongoing, the Department intends to suspend the current CMMC Piloting efforts and will not approve inclusion of a CMMC requirement in any DoD solicitation.

The DoD is exploring opportunities to provide incentives for contractors who voluntarily obtain a CMMC certification in the interim period. Additional information will be provided as it becomes available.

Action you can take

We are also launching a pre-assessment readiness tool to help get you started. Reach out to us at 301-576-1122 or https://cmmcassessmentreadiness.com/ to learn more.

You can also schedule a 15-minutes CMMC consultation with our cybersecurity solution specialist with the link below
https://calendly.com/femidada1

FREE IT Optimization Plan

Are you completely fed up with chronic computer problems and escalating IT costs? Do you worry that your backups and IT security are lacking? Do you have a sneaking suspicion that your current IT guy doesn’t have a handle on things? Our free IT optimization plan will reveal gaps and oversights in your computer network and show you how to eliminate all your IT problems and never pay for unnecessary IT expenses again.

Complete this form below to get started. We will contact you to discuss next steps to getting your free IT Optimization Plan.

OTHER RELATED ARTICLES

“Savings” That Could Cost You EVERYTHING

“Savings” That Could Cost You EVERYTHING

In today’s digital landscape, free antivirus and firewall software may seem like a cost-effective choice for protecting your business. However, these solutions often come with hidden risks and limitations that could leave your organization vulnerable to cyber threats. Discover why investing in robust cybersecurity solutions is crucial for safeguarding your business against evolving risks.

The Silent Danger: A Powerful Lesson For Every Business From This $1.6 Billion Ransomware Attack

The Silent Danger: A Powerful Lesson For Every Business From This $1.6 Billion Ransomware Attack

In recent months, the alarming cybersecurity breach at Change Healthcare, a health care payment-processing company under UnitedHealth Group, has highlighted a chilling reality: cyberthreats can lurk undetected within our networks, ready to unleash chaos at a moment’s notice. The breach, executed by the notorious ALPHV/BlackCat hacker group, involved the group lying dormant within the company’s environment for nine days before launching a crippling ransomware attack. This incident underscores an urgent message for all business leaders: robust cybersecurity systems and recovery plans are not optional but a fundamental necessity for every business.

How Poor Tech Support Is Slowing Down Your Business

How Poor Tech Support Is Slowing Down Your Business

In this article, we explore the benefits of tough, assertive leadership in business, drawing insights from Steve Jobs and Tony Soprano. Learn why it’s crucial to stand firm, protect your organization, and implement robust security measures to safeguard against cyber threats.