Adrian Johnson
TLDR:
– CMCC 2.0 on track to start early 2025
– The Pentagon is seeking to increase cybersecurity for industry through its CMMC program
The Pentagon’s Cybersecurity Maturity Model Certification (CMMC) version 2.0 is set to begin in early 2025, with the goal of strengthening the defense industrial base’s cybersecurity capabilities while addressing industry complaints about the cost and restrictions of CMMC 1.0. The new program, proposed on Dec. 26, 2023, includes a three-level scale for contractors who handle controlled unclassified information, with requirements for adherence to NIST SP 800-171 controls. Changes in CMMC 2.0 include self-assessments, evaluations by third-party organizations, or government evaluators depending on the contractor’s level of controlled information. The Pentagon plans to roll out CMMC 2.0 in parts, starting early next year, with all applications required to meet CMMC standards by Oct.1, 2026.
