Intelice Solutions: Blog
DoD Contractors—Do You Know What These CMMC Updates Mean For You?
DoD Contractors—Do You Know What These CMMC Updates Mean For You?
The DoD just released CMMC 2.0, which drastically changes compliance expectations for contractors over the course of the next year. Read this article to find out what you need to know, or contact Intelice Solutions directly for immediate guidance.
A Simple Guide To CMMC 2.0
The Department of Defense has just issued updates to the Cybersecurity Maturity Model Certification (CMMC) with version 2.0. This updated policy is the result of the internal program assessment led by senior leaders through the DoD.
The good news is that this update pushes out your deadline for CMMC compliance, and vastly simplifies your required action in the meantime. While you don’t have to rush to gain compliance right now, don’t assume you can forget about your DoD compliance efforts altogether.
A Summary Of CMMC 2.0 Changes
For the most part, this update means you have more time to consider your CMMC strategy. As the DoD carries out a public review and sorts out additional details, you can slow down and more carefully plan your CMMC compliance when it will become necessary next year.
What You Need To Know About CMMC 2.0
As explained in the DoD’s CMMC program overview and implementation overview, this new version of the CMMC program must undergo public review before it can be accepted and properly implemented. Until this process is complete, all CMMC initiatives and deadlines are on hold.
Here are the key changes you need to be aware of:
- All CMMC language will be removed from DoD contracts for at least the next 9-12 months
- CMMC level 3 controls are being removed from DFARS and NIST 800-17
- CMMC Level 2 and Level 4 maturity categories are being discontinued, and level 2 is replacing the previous level 3
- You may self-assess for CMMC Level 1 audits
- CMMC Level 2 includes the following options:
- Non- Prioritized Acquisitions/Data: May be self-assessed
- Prioritized Acquisitions/Data: Requires a third-party assessment specifically for those assets
- Should you meet the necessary minimum score, you may be allowed to use POA&Ms
- You may qualify for a CMMC exemption waiver if you have certain mission-critical components
- Contractors that voluntarily gain CMMC certification may be entitled to further incentives, which at this time are undefined
Need Expert Assistance Managing Your Compliance?
Just because CMMC compliance has been delayed, that doesn’t mean you don’t have to worry about compliance in general. You still need to maintain DFARS and NIST compliance and begin planning for your CMMC initiatives for next year.
If you’re looking for expert guidance, Intelice Solutions is here to help. We work with DOD contractors throughout the Washington and DC Metro area and can assist in developing confident DFARS, NIST, and CMMC compliance.