CMMC 2.0: What's Changed and What's Next

When DOD rolled out its Cybersecurity Maturity Model Certification program in 2020, it was designed to secure the Controlled Unclassified Information (CUI) in systems used by contractors in Defense Industrial Base that support business and warfighting efforts. Initially, an independent accreditation body was to certify a group of third-party assessment organizations. The plan ran into a number of obstacles as industry organizations questioned costs and reciprocity with other certifications, such as FedRAMP.

The program was paused for six months as DOD did an internal review. CMMC version 2 was announced in Nov. 2021 with a number of changes—the program office was moved to the DOD CIO’s office, the number of levels has been reduced to three and only contractors handling very sensitive information need to go thru the third-party certification process.

To understand how this affects both government and industry, join us for this discussion about the next generation of certifications for Defense contractors and how it will affect civilian contracts as well.

Attendees will come away with a better understanding of:

• How NIST SP 800-171/172 work with CMMC certifications
• Incentives being discussed for contractors to increase security practices before it is legally required
• What guides are available for self-assessment
• Which companies can self-assess and which need accreditation
• How does the CMMC reboot affect civilian contracts that planned to adopt its security features