Considerable changes to the Cybersecurity Maturity Model Certification (CMMC) are about to take effect! Stay informed to determine what this may mean for you.

CMMC 2.0

Recently, eTrepid learned of "enhancements" to the CMMC framework and adjusted requirements released by the Department of Defense (DOD).

These enhancements include changes regarding:

  • Level 1 now includes a self-assessment
  • Eliminating levels 2 and 4
  • CMMC requirements will be driven by NIST 800-171
  • Development of a time-bound and enforceable Plan of Action and Milestone (POA&M) process
  • Development of a selective, time-bound waiver process


More information about CMMC 2.0 can be found here.

Our Thoughts

After reviewing the changes set forth, it is clear there is one BIG takeaway. Just as considered when the establishment of CMMC was initially released, the focus of any organization trying to comply with an ever-changing framework is to start with NIST 800-171. In any case, NIST 800-171 is consistent. We found this was even the case with the previous release of the Interim Rule. While changes to CMMC continue to unfold, it is unlikely regulations will dial down below the NIST 800-171 blueprint. Therefore, if you think you will fall into Maturity Level 2 (formally Maturity Level 3), your focus should fall in line with regulations associated with NIST 800-171.

Another item that sticks out includes the availability and use of POA&Ms to achieve certifications and meet CMMC requirements, which at one time was not a consideration. Yet, there needs to be a timeline in place in which you need to execute.

More of our thoughts will be shared as we continue to take a deep dive into the release. In the meantime, do what is necessary to become familiar with how this may directly impact your organization.

What Now?!?

We wanted to be sure you were first in line to become aware of these changes and will continue sending notifications as we receive them. In the meantime, sign-up for our upcoming webinar scheduled for November 17th with guest speaker and Duffy Compliance CEO Shawn Duffy, covering these changes and more.

The Deep Dive into CMMC

Let's take a deep dive into recently published changes regarding the CMMC Framework and gain insight regarding maturity levels, requirements, and more. Watch Now!

Empowering Business to Compute with Clarity

We are always here to answer any questions you may have and continue to guide your CMMC Journey. Let us know if you have any questions we may be able to answer.

                                                      Schedule a Meeting

About the Author:

Leave A Comment