On November 4, the Department of Defense (DoD) announced the strategic direction of the Cybersecurity Maturity Model Certification (CMMC) program, which marks the completion of an internal program assessment led by senior leaders across DoD.

CMMC 2.0 brings about a number of changes which DoD will be pursue through the rulemaking process and will include public comment periods.

Listen to Neal Beggan, a Principal in Cherry Bekaert’s Information Assurance & Cybersecurity Practice, selected as one of the first Provisional Assessors nationwide by the CMMC Accreditation Body, and Eric Poppe, a Managing Director in the Firm’s Government Contractor Services Group, as they discuss DoD’s modifications and their potential impact on contractors and subcontractors in the defense industrial base (DIB).

Changes include:

  • Eliminating levels 2 and 4 of the framework and using National Institute of Standards and Technology (NIST) cybersecurity standards
  • Companies at Level 1, and a subsection of companies at Level 2 will only be required to demonstrate compliance through annual self-assessments
  • Triannual third-party assessments at Level 2 for critical national security information, as well as triannual government-led assessments at Level 3
  • Increase in oversight of professional and ethical standards of third-party assessors
  • New waiver processes for select requirements – DoD indicated:
    •  “Under certain limited circumstances”, companies can make “Plans of Action & Milestones (POA&Ms)” to achieve certification
    • “Under certain limited circumstances”, waivers to CMMC requirements will be allowed

DoD is also suspending the current CMMC pilot program for select contracts and will not approve any CMMC requirements in DoD solicitations while the rulemaking is underway. The Defense Department further indicated that it is looking at providing incentives to contractors who voluntarily obtain certification during the interim period and more information will be forthcoming.

Catch up on Cherry’s Bekaert’s Insights pertaining to CMMC 2.0:


View All Government Contracting Podcasts

 

Neal W. Beggan

Risk & Accounting Advisory Services

Partner, Cherry Bekaert Advisory LLC

Eric Poppe

Advisory Services

Managing Director, Cherry Bekaert Advisory LLC

Past Episodes

Podcast

September 10, 2024

12:15

Speakers: Eric Poppe, Jonathan Reid

Learn the do's, don'ts, and pitfalls of outsourced accounting for government contractors. Discover how to make a smooth transition to outsourced accounting.

Podcast

August 28, 2024

15:04

Speakers: Eric Poppe

Learn the crucial steps in selecting an ERP system that aligns with your business needs, including stakeholder discussions and integration requirements.

Podcast

August 13, 2024

11:04

Speakers: Michael G. Cippel, Irwin Kaplan, Jonathan Reid

Explore the benefits of accounting outsourcing for government contractors and learn how to choose the right firm and optimize your partnership.