To safeguard sensitive national security information, the Department of Defense (DoD) launched CMMC 2.0, a comprehensive framework to protect the defense industrial base from increasingly frequent and complex cyberattacks. With its streamlined requirements, CMMC 2.0:
- Cuts red tape for small and medium sized businesses
- Sets priorities for protecting DoD information
- Reinforces cooperation between the DoD and industry in addressing evolving cyber threats
DoD does not intend to approve inclusion of a Cybersecurity Maturity Model Certification (CMMC) requirement in any contract prior to completion of the CMMC 2.0 rulemaking process, which can take 9 to 24 months.
CMMC 2.0 will become a requirement once rulemaking is completed. It is highly recommended that Industry review the Securing the Defense Industrial Base CMMC 2.0 website.