CMMC Program Changes – CMMC 2.0
Happy Monday, and thanks for tuning in to this week’s segment of Mondays with Miranda!
Last week, the DoD announced major changes to the Cybersecurity Maturity Model Certification (CMMC) with the release of the CMMC 2.0 program. The goal of the new program is to simplify CMMC and strengthen the cybersecurity of the Defense Industrial Base (DIB). According to the DoD’s new CMMC program website, they are aiming to “set priorities for protecting DoD information and reinforce cooperation between the DoD and industry in addressing evolving cyber threats.”
One of the simplifications made to the CMMC program is a reduction in the number of levels: CMMC 2.0 includes only three levels (1-3), as opposed to the five levels before. Also, according to the new CMMC program website, contractors who handle only “federal contract information” and not Controlled Unclassified Information (CUI) will only be required to perform annual self-assessments.
These CMMC changes come shortly after John Sherman, Acting CIO for the DoD, said that if he were to move into the CIO position permanently, he would like to “update the CMMC program to function fully for small and medium-sized businesses.” Sherman also stated that he would work with the National Security Agency and U.S. Cyber Command to provide a “cybersecurity-as-a-service” model that would give businesses “templates and guides on how to do this so they don’t have to reinvent the wheel.”
That’s all for today! Thank you for tuning in to this week’s segment of “Mondays With Miranda!” Keep up to date with current news by following NeQter Labs on Twitter, Facebook, LinkedIn, and YouTube. We love comments and questions, so please feel free to send me an email at firstname.lastname@example.org.