On November 4, the Department of Defense (DoD) announced the strategic direction of the Cybersecurity Maturity Model Certification (CMMC) program, which marks the completion of an internal program assessment led by senior leaders across DoD.

CMMC 2.0 brings about a number of changes which DoD will be pursue through the rulemaking process and will include public comment periods.

Listen to Neal Beggan, a Principal in Cherry Bekaert’s Information Assurance & Cybersecurity Practice, selected as one of the first Provisional Assessors nationwide by the CMMC Accreditation Body, and Eric Poppe, a Managing Director in the Firm’s Government Contractor Services Group, as they discuss DoD’s modifications and their potential impact on contractors and subcontractors in the defense industrial base (DIB).

Changes include:

  • Eliminating levels 2 and 4 of the framework and using National Institute of Standards and Technology (NIST) cybersecurity standards
  • Companies at Level 1, and a subsection of companies at Level 2 will only be required to demonstrate compliance through annual self-assessments
  • Triannual third-party assessments at Level 2 for critical national security information, as well as triannual government-led assessments at Level 3
  • Increase in oversight of professional and ethical standards of third-party assessors
  • New waiver processes for select requirements – DoD indicated:
    •  “Under certain limited circumstances”, companies can make “Plans of Action & Milestones (POA&Ms)” to achieve certification
    • “Under certain limited circumstances”, waivers to CMMC requirements will be allowed

DoD is also suspending the current CMMC pilot program for select contracts and will not approve any CMMC requirements in DoD solicitations while the rulemaking is underway. The Defense Department further indicated that it is looking at providing incentives to contractors who voluntarily obtain certification during the interim period and more information will be forthcoming.

Catch up on Cherry’s Bekaert’s Insights pertaining to CMMC 2.0:


View All Government Contracting Podcasts

 

Neal W. Beggan

Risk Advisory Services

Partner, Cherry Bekaert Advisory LLC

Eric Poppe

Advisory Services

Managing Director, Cherry Bekaert Advisory LLC

Past Episodes

Podcast

December 17, 2024

12:07

Speakers: Jeffrey Annessa, Jade Casey

Gain a clear understanding of forward pricing rates, their proposal process, and the advantages they bring to government contractors.

Podcast

December 3, 2024

17:44

Speakers: Jeffrey Annessa

Learn about the Truthful Cost or Pricing Data Act and its impact on government contracting, including cost data, audits, and compliance best practices.

Podcast

December 3, 2024

8:21

Speakers: Romain Robveille

How to Get the Most Out of Deltek CostpointHow to Get the Most Out of Deltek Costpoint