CMMC 2.0


CMMC 2.0 – An Easier, Cost-Effective Way Forward for DOD Contractors.

CMMC 2.0 – What changed?

Most notably, CMMC 2.0 now revolves around a three-level model as opposed to the previous five-level system. Along with the decrease in levels, Level 1 organizations will now be allowed to conduct their own self-assessment annually, drastically decreasing the need for a third-party assessor. Furthermore, Level 2 audits will now be based on NIST SP 800-171 standards. Because most third-party assessor organizations are already familiar with and trained in NIST SP 800-171, the cost of rigorous new, CMMC-specific training should not need to be factored into audit costs. Finally, Level 3 now mandates that companies go through government-led assessments every three years.

Will CMMC 2.0 be a financial gain for contractors?

The short answer is YES. This past week, the Pentagon unveiled CMMC 2.0 after serious concerns were raised about CMMC 1.0 and what it meant for Defense Department contractors and the third-party companies that had to assess their compliance. In the wake of these complaints, CMMC 2.0 was born in an attempt to streamline the compliance process and make it monetarily feasible for those contractors who will have to comply with the new regulations.

Did you say POA&M?

Yes, unlike version 1.0, version 2.0 will bring back a plan of action and milestones, allowing companies to finish any outstanding requirements after being awarded a contract as long as baseline requirements have been met. Again, this change appears to take some of the burdens and stress off of contractors, in that they may receive a contract before a full audit is complete.

How to move forward with CMMC 2.0 and MegaplanIT?

Does your organization require the support of a trusted security partner, focused on the overall success of your compliance and cybersecurity efforts? While CMMC 2.0 has just been released and is still subject to revisions and public comment, here at MegaplanIT, we have a deep understanding of the challenges that organizations encounter in meeting CMMC Requirements. Whether you need consulting during your self-assessment or a third-party organization for a full assessment, MegaplanIT will be able to fulfill all of your cybersecurity & compliance needs.

No matter what kind of information your organization handles, security should be of the highest importance. MegaplanIT makes it easy to stay informed, protected, and prepared for any event. We are a customer-focused firm providing support to our clients with a knowledgeable staff of highly qualified Assessors, Penetration Testers, and Information Security Consultants who truly understand the dynamics of your environment. Our innovative IT security and compliance solutions are designed to deliver customized, cost-effective service on time—because your priorities are our priorities.
