Prepare for CMMC readiness as the new CMMC directive changes how DIB members secure data and document their activities.
On November 4, CMMC 2.0 was announced.
Each year, hackers and other malicious actors grow ever more sophisticated in infiltrating government systems. And the government is keeping pace by issuing security practices and processes to protect our nation’s data. In February 2020, the Department of Defense (DoD) released Cybersecurity Maturity Model Certification (CMMC) standards. CMMC creates a set of cybersecurity best practices that draw from multiple, proven cybersecurity standards, frameworks, and references. The DoD intends for CMMC to standardize cybersecurity implementations across the Defense Industrial Base (DIB), including for those in the commercial and supply chain audience.
This directive enhances security procedures for controlled unclassified information (CUI) in all unclassified networks. Without a standard for protecting these networks, many DIB member companies have fewer controls safeguarding CUI. This makes unclassified networks a path of least resistance for adversaries: if an attacker gained control of the identity capabilities at one agency, the access could be used to compromise other federal networks.
Highlights of CMMC v2.0 Changes
The number of CMMC levels in CMMC 2.0 was reduced from 5 to 3.
- Old Level 1 becomes CMMC 2.0 Level 1
- Level 3 becomes CMMC 2.0 Level 2
- Level 5 becomes CMMC 2.0 Level 3
The DoD eliminated the additional 20 controls of the previous CMMC Level 3 built on the NIST 800-171 cybersecurity standard. And the requirement to manage policies, procedures, and resource plans – the CMMC maturity processes – was also eliminated.