2022 saw a lot of changes to the CMMC program, and even to the government’s approach to supply chain cybersecurity. In this post, we summarize some of the key DoD-related changes in an effort to help contractors understand what they will likely encounter in 2023.
Government representatives have stated that complying with CMMC 2.0 Level 2 shouldn’t cost contractors or the government anything, because contractors have been attesting to the government that they are doing these things for years. This article explores why this is correct only for a small minority (17 out of 110) of the controls in CMMC 2.0 Level 2.
We are hosting a series of virtual “Open Sessions” every 2 weeks for Communities members where members can discuss NIST SP 800-171, CMMC, CUI, and other cybersecurity-related topics. The idea is to provide a forum through which OSCs, C3PAOs, Provisional Assessors, Registered Practitioners, Procurement Specialists, and others in the CMMC Ecosystem can have candid discussions, (more…)