Federal News Network Commentary: Let the dust settle on CMMC 2.0

“At a high level, here are the important takeaways from CMMC 2.0:

  • There are now going to be three levels of security, reduced from CMMC 1.0’s five levels.
  • The new Level 1 security retains the same 17 controls as CMMC 1.0 Level 1 but removes independent validation requirements, allowing DIB vendors to perform annual self-assessments.
  • The new Level 2 (previously CMMC 1.0 Level 3) now includes only the 110 practices from NIST SP 800-171 Rev. 2, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. The additional 20 practices and three processes borrowed from other security frameworks (e.g., FAR Clause 52.204-21, NIST 800-53 Rev. 4, NIST CSF v1.1) that were part of CMMC 1.0 have been removed…”
  • “The new Level 3 (Previously CMMC 1.0 Level 5) now only includes the practices from NIST 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information, a supplement to NIST SP 800-171…”

“In light of recent events, my recommendation is that everyone needs to step back and take a breath. Let’s all let the DoD and the CMMC-AB (if it will still exist in this CMMC 2.0 world) put pen to paper and codify what CMMC 2.0 will actually look like to prevent the same fallout from CMMC 1.0 hitting us all again with 2.0.

In the meantime, NIST 800-171 always has been and continues to be the law of the land. If your DIB organization processes, stores, and/or transmits confidential unclassified information, you’ll need to ensure that you implement NIST 800-171 in its entirety. Whether you’ll eventually need an independent third-party to assess your implementation or you’ll be able to self-assess doesn’t really matter. NIST 800-171 provides a solid baseline to securing critical data, and it’s the bare minimum that every vendor that does business with the DoD should put squarely in its sights…” Read the full article here.

Source: Let the dust settle on CMMC 2.0 – By Johann Dettweiler, January 13, 2022. Federal News Network.

