The Cybersecurity Maturity Model Certification (CMMC) framework is a relatively new, yet still partially implemented, set of cybersecurity regulations targeting DoD agencies and contractors. The DoD specifically built the rules to address the IT infrastructure and security practices needed to handle Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). After a lengthy period of review, the DoD has, as of November 2021, released an updated version of CMMC, known colloquially as CMMC 2.0.
What is CMMC 2.0? We’ll cover some of the more significant changes here, what this means for DoD contractors, and how you can prepare for the change.