The bottom line of CMMC 2.0

I had the opportunity to dive into the details of CMMC 1.0 and examine how 2.0 differs. And the bottom line is that CMMC v2.0 simply expounds on the role of the assessor, and does not redefine the 5 levels under v1.0.

Ok, ok - please hold your tomatoes!

Yes, CMMC 2.0 level 2 requires CMMC 1.0 level 3, but so does CMMC 2.0 level 3 - see what I mean?

I asked Google Bard to help me understand this, and it revealed that this becomes evident in the following changes:

  • The assessor's role has been expanded to include more responsibility for ensuring that organizations are compliant with CMMC.
  • The assessor must now have a higher level of experience and expertise in information security.
  • The assessor must now follow a more rigorous process when conducting an assessment.

These changes are designed to ensure that organizations are assessed more consistently and accurately under CMMC v2.0. They also reflect the growing importance of information security in the federal contracting environment.

Here are some of the specific changes to the assessor's role in CMMC v2.0:

  • The assessor must now have a minimum of five years of experience in information security.
  • The assessor must now be certified by a CMMC-accredited third-party organization.
  • The assessor must now follow a more rigorous process when conducting an assessment, including conducting interviews with key personnel, reviewing documentation, and testing controls.

These changes are designed to ensure that assessors have the knowledge and experience necessary to assess organizations for compliance with CMMC. They also reflect the growing importance of information security in the federal contracting environment.

Earlier, I mentioned level 3 of CMMC 2.0. This simply means that the DoD performs the assessment itself rather than relying on a CMMC 3rd party assessor (C3PAO).

The changes to CMMC v2.0 are significant and will have a major impact on organizations that do business with the federal government. Organizations that are not already compliant with CMMC v1.0 should start planning now to achieve compliance with v2.0.
