CMMC 2.0 and How it Will Affect DoD Contractors

It’s the third time in five years that the U.S. Department of Defense (DoD) has announced new cybersecurity standards. These comprehensive cybersecurity standards are for government contractors and subcontractors to protect sensitive information.

In 2020, 155.8 million individuals in the USA were affected by cybercrimes. So, CMMC is building a mandatory security process for DoD contractors. Moreover, the rules were stated after six months of internal assessment.

So, dive in to know what all the buzz is about.

What is New in CMMC 2.0?

The alterations in CMMC 2.0 will impact companies vying for DoD contracts. The original CMMC is broken down into three levels. Also, only contractors who directly handle sensitive data have to follow new protocols. 

They are basic cyber hygiene, intermediate cyber hygiene, good cyber hygiene, proactive and advanced. Also, third-party assessment is mandatory. To know everything about CMMC, read the rules thoroughly.

Here’s a simple explanation of the new levels of CMMC 2.0:

Level 1: Foundational

This is for contractors who neither receive, process, nor deal with Controlled Unclassified Information (CUI). Those who don’t handle High-Value Assets (HVA) are also excluded. Companies falling under this level must do a self-assessment of their security system. It follows the existing standard: FAR 52.204-21.

Level 2: Advanced

It’s for contractors that create and process CUI but not HVA. However, the CUI must be classified as Critical National Security Information. If it’s not, an annual self-assessment is a must. For other contractors, a third-party assessment is required once every three years, conducted by C3PAOs. Further, it references the existing standard: NIST SP 800-171.

Level 3: Expert

It applies to contractors who handle full HVA. Rather than a C3PAO, the government must complete the assessments required at this level. It is aligned with the existing standard: NIST SP 800-172.

Effect of CMMC 2.0 on DoD Contractors

The new CMMC 2.0 will affect the law and regulations of contracting. So, prepare yourself for the new rules, as they affect DoD contractors in the following ways.

  • The new rules are pretty flexible. They relax the requirements for contractors and subcontractors who don’t directly handle sensitive information.
  • You must first identify your business’s level and go through all necessary assessments.
  • Note down all the timelines and assessment procedures to build robust security.
  • CMMC 2.0 will rule out many third-party assessments. As a result, there will be a faster rollout and implementation cycle.

Let’s Wrap It Up

Statistics state that around $600 billion is lost annually due to cybercrimes. The COVID era has seen a massive spike in cybercrimes. Therefore, CMMC is regularly updating its rules to build a solid security system. So, as a DoD contractor, help the government and CMMC by following all the mandatory assessments.

Hi, I’m Linda Rawson. Founder of GovConBiz.

I help entrepreneurs build a business and lifestyle they love!

I am personally responsible for my company, DynaGrace Enterprises, winning millions in federal government contracts.

I can help you do the same.