top of page
business-people-with-digital-tablet-blueprint.jpg

CMMC 2.0 Compliance Guide: Navigating New DoD Requirements

CMMC Compliance 2024_Page_01.jpg

Download the White Paper

Securance has more than two decades of experience helping organizations combat evolved cyber threats, build effective risk management programs, align with compliance standards, and increase operational efficiency. Our comprehensive approach integrates proven methodologies, dependable expertise, and each customer’s unique requirements to maximize the benefits and long term value of each assessment.

INTRODUCTION

To help the Department of Defense (DoD) protect controlled unclassified information (CUI) within its supply chain, about 300,000 defense suppliers that are part of the Defense Industrial Base (DIB) must now comply with rigorous cybersecurity standards before being eligible to win DoD contracts. Subcontractors will also be expected to comply with the appropriate maturity level. To meet this challenge, in 2020, the federal government announced Cybersecurity Maturity Model Certification (CMMC) 1.0, a framework for protecting data handled by defense contractors from cyber attacks. CMMC guidelines are still not finalized, and much remains unknown. In response to almost 1,000 public comments, in late 2021, the DoD decided to make compliance easier and less costly by introducing CMMC 2.0, which significantly streamlined the requirements of CMMC 1.0. As of this writing (June 2022), the rulemaking process is still ongoing, and CMMC 2.0 is expected to be finalized by the end of 2022. In the interim, this guide will help answer some questions and provide clarity around CMMC 2.0 standards and the expectations, costs, and hurdles that come with it.

CMMC 2.0 should alleviate many of the compliance hurdles contractors face, but implementation issues persist.

bottom of page