Introducing the Cybersecurity Maturity Model Certification 2.0
Are you a small or medium-sized business that sells products or services in the Defense Industrial Base? Are you concerned about the potential expense involved since the introduction of the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) program? If so, then you may find the recent introduction of CMMC 2.0 to be welcome news.
In the previous version of CMMC, all companies in the Defense Supply Chain required a formal assessment to be granted certification in order to continue doing business with, or be awarded new contracts by, the Department of Defense (DOD). The certification process was strictly pass/fail, with absolutely no room for missing or partial implementation of any of the practices. The certification also required multiple highly trained individuals to complete the formal assessment and certification process at significant expense. For many, this is no longer the case. Self-assessments are back.
Per the DOD…
The enhanced “CMMC 2.0” program maintains the program’s original goal of safeguarding sensitive information, while:
- Simplifying the CMMC standard and providing additional clarity on cybersecurity regulatory, policy, and contracting requirements;
- Focusing the most advanced cybersecurity standards and third-party assessment requirements on companies supporting the highest priority programs; and
- Increasing department oversight of professional and ethical standards in the assessment ecosystem.
Together, these enhancements:
- Ensure accountability for companies to implement cybersecurity standards while minimizing barriers to compliance with DOD requirements;
- Instill a collaborative culture of cybersecurity and cyber resilience; and
- Enhance public trust in the CMMC ecosystem, while increasing overall ease of execution.
Want to learn more? We can help! Contact us to learn more about our cybersecurity assessment practice and look for future blogs covering CMMC 2.0 as more details become available.