Senior Consultant, Information Security Services
United StatesContact Robert
What is the difference between CMMC 1.0 and CMMC 2.0?
In September of 2020, the DoD published an interim rule with the Federal Register which kicked off CMMC 1.0. This intern rule outlined the basic framework, a five-tiered level model, implementation structures, and contract requirements. In March of 2021, the DoD conducted an internal review of the CMMC 1.0 program with the goal of refining certain aspects of the requirements. In November of 2021, the DoD announced an update to the CMMC program, based on the internal review - titled CMMC 2.0. The outline of CMMC 2.0 focuses on further measures to safeguard sensitive information, enhancements to DIB security, and minimizing barriers to compliance.
Do organizations have to comply with CMMC 1.0 before getting to CMMC 2.0?
No. The DoD does not intent to require CMMC compliance in contracts prior to the completion and codification of CMMC 2.0.
What is the CMMC-AB?
The CMMC-AB (www.cmmcab.org) is an independent organization that will authorize, oversee, and accredit CMMC Third Party Assessors.
When will CMMC 2.0 become a requirement for DoD contracts?
CMMC 2.0 is currently in the process of rule-making and that process, including timelines, can take between 9-24 months (starting in November 2021). Once the rule-making process is complete, CMMC 2.0 will become a contractual requirement for the DIB.
Why did the DoD make the changes to CMMC 2.0?
850 public comments and feedback from industry stakeholders, congress, and other supporting members led the DoD to an internal review of the initial interim rule set in motion within CMMC 1.0. The internal review lead to a focus on reducing cost and improving efficiencies, especially for small and medium businesses, improving trust in the CMMC assessment process and ecosystem, and clarifying cybersecurity and federal requirements in CMMC 1.0.
How much will it cost to implement and support CMMC 2.0?
The DoD is expected to publish a complete cost analysis for each level of CMMC 2.0 after the completion of rule-making. It is expect to be significantly lower in cost than projected CMMC 1.0 pricing.
- information courtesy of https://www.acq.osd.mil/cmmc/about-us.html