The Cybersecurity Maturity Model Certification (CMMC) has been a source of anxiety for federal contractors since its inception. The Department of Defense’s (DOD) latest update, CMMC 2.0, aims to simplify the certification process while maintaining the high standards of cybersecurity that the Pentagon demands. But as contractors dig deeper, they may find that the changes offer more than just a streamlined process – they also present opportunities for growth and adaptation.
What’s Changed
At its core, CMMC 2.0 retains the same five levels of cybersecurity maturity that contractors are familiar with: Basic, Intermediate, Advanced, Expert, and Proactive. However, the new model eliminates 42 of the original 171 practices, reducing the number of requirements by 24%. This reduction is a welcome change for contractors who have struggled to meet the original requirements, but it’s essential to note that the updated model still requires a more comprehensive approach to cybersecurity.


