Previous Defense Federal Acquisition Regulation (DFAR) security protocol Successfully complied with the NIST 800-171, thereby protecting the Controlled Unclassified Information (CUI). However, the new CMMC model introduced multiple levels requiring third-party certifications. The Office of the Under Secretary of Defense for Acquisition and Sustainment will be responsible for managing the CMMC.
All US DoD RFP’s will mandate a CMMC level from 1-5, and this will affect prime contractors, along with suppliers to prime contractors in contract flow downs. From here on, every DoD Request for Proposal (RFP) will be listing the level of CMMC compliance required to place the bid, and all the bidders are expected to have achieved that level. Besides, they must possess proof of certification to place their bids.
How to get started with CMMC 2.0 and its compliance?
If you are a defense contractor then you are required to meet the 110 controls in NIST 800-171. The new CMMC 2.0 will arm the DoD in its efforts and will strengthen the cyber security technology against cyberattacks. CMMC 2.0 platform processes through federal rulemaking enforcement.
It is the most essential security control DoD contract to protect CUI and seek enforcement of federal control regulations governing defense compliance pathway.
CMMC 2.0 streamlines the security model by reducing the number of CMMC levels and provides a pathway toward a perfect and consistent Cybersecurity Maturity model framework certification.