Doing work for the Federal Government can come with many IT and cybersecurity requirements. Understanding and sensibility implementing these standards allow businesses to be successful in doing business with the government. Updates to the Cybersecurity Maturity Model Certification (CMMC) have helped reduce the barriers to compliance for small and mid-sized companies.

CMMC, DFARS and NIST 800-171

The Cybersecurity Maturity Model Certification (CMMC) is used to safeguard sensitive unclassified information across the Defense Industrial Base by implementing regulatory requirements. The Department of Defense (DoD) found that companies doing business with the federal government were not satisfying the requirements specified in Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012. These requirements include implementation of National Institute of Standards and Technology (NIST) SP 800-171. These requirements did not include official certification or compliance reporting mechanisms.

CMMC became a new scheme that included a certification model. This new version, referred to as CMMC 2.0, was announced on November 4, 2021. The changes are intended to reduce barriers to compliance for small and mid-sized firms while at the same time worked to prevent cyber-attacks.