An overview of changes and support to help prepare for compliance
In November 2021, the Department of Defense (DoD) announced sweeping changes to the Cybersecurity Maturity Model Certification (CMMC) program.
With CMMC 2.0, DoD hopes to streamline the model to improve implementation efficiencies and adoption rates for organizations that want to do business within the Defense Industrial Base (DIB).
One of the most significant changes is the move from the five certification levels presented in CMMC version 1.0 down to three certification levels in CMMC 2.0.
Further, the changes will decrease the number of controls in the newest version, moving from the original 130 controls down to 110.
Here DoD has decided to remove CMMC-unique controls and instead align the model more closely with the National Institute of Standards and Technology (NIST) cybersecurity standards. Specifically, the NIST 800-171 and NIST 800-172 standards guide how organizations handle Controlled Unclassified Information (CUI) in non-federal information systems.