The US Department of Defense published the Level 1 Self-Assessment Guide for CMMC 2.0 on 13-DEC-2021.
Successful implementations are not measured by scores. The most valuable elements of a successful implementation do not have a weighted value.
With CMMC 2.0, DoD removed process maturity as an assessed requirement. Some commentators are suggesting that NIST 800-171’s “NFO” controls inherently require policies. We explore the requirement in this article.
Former members of the CMMC-AB board of directors James Goepel, Mark Berman, and Ben Tchoubineh authored a letter to the President that analyzes why CMMC 2.0 is inconsistent with the President’s recent Executive Order and is harmful to our national security.
DoD submitted but quickly withdrew an “advanced notice of proposed rulemaking” entitled “Cybersecurity Maturity Model Certification 2.0 Updates and Way Forward”.