
CMMC 2.0 Is Finally Here. Now What?

For years, the defense industrial base (DIB) has heard the government will start cracking down with mandatory minimum levels of cybersecurity. Finally, Cybersecurity Maturity Model Certification (CMMC) 2.0 has arrived.

The CMMC framework will be a phased rollout, but all companies with DOD contracts containing DFARS clause 252.204-7012, DFARS provision 252.204-7019, or DFARS clause 252.204-7020 must comply with existing requirements. These existing requirements are essentially the same as CMMC ML 2, meaning many companies already have a contractual requirement to implement the required controls.

 

Now what? Despite all the time to prepare, most of the DIB isn’t ready.

CyberSheath commissioned a study by Merrill Research to show the state of the DIB’s compliance with the 110 controls required by CMMC. The study shows only 19% of respondents have implemented vulnerability management solutions, and 25% have secure IT backup solutions. Compared to last year’s inaugural survey, adoption of both solutions actually decreased in 2023.

What’s more, 81% of respondents claim to be compliant only via self-assessment, up 10 percentage points from last year. Without a true assessment, it’s extremely difficult for an organization to know whether it has achieved or can maintain compliance.

Now that CMMC 2.0 has been released, and the risk of audits and enforcement is closer than ever, organizations can’t afford to be apprehensive. It’s no longer acceptable to deem CMMC too complex and pick and choose aspects of compliance — the study shows that, on a scale from 1 to 10, 70% of respondents rated the difficulty of understanding CMMC compliance as a 7 or higher.

While CMMC 2.0 may seem daunting, especially now that there’s a deadline in sight, you don’t have to go it alone. CyberSheath is the compliance partner that can reduce your burden and ensure you maintain compliance so you can keep doing business with the DOD.

Federal Enclave: A turnkey solution, compliant with NIST SP 800-171, CMMC 2.0 and DFARS 252.204-7012

CyberSheath’s Federal Enclave is the industry’s first CMMC enclave, designed specifically for the DIB to protect its controlled unclassified information (CUI) and DOD project data. Federal Enclave’s custom-built dashboard brings together world-leading technologies for compiling data and facilitating visibility into compliance, so contractors know they’re adherent and secure.

Contact us to learn more about how CyberSheath can help you achieve and maintain CMMC 2.0 compliance, so you can have confidence in your ability to win new government contracts.
