CMMC 2.0: What You Need to Know


January 2020 marked the official beginning of the Cybersecurity Maturity Model Certification (CMMC) program. When CMMC version 1.0 was released, it outlined five different CMMC levels, each enforcing additional security measures beyond the one below it. The Department of Defense (DoD) developed CMMC to dynamically enhance the cybersecurity of the Defense Industrial Base (DIB) to meet evolving threats and safeguard the information that supports and enables our warfighters. While its intentions are justified, the requirements and implementation strategy were unclear to some and unjust for others. Due to the resource-intensive nature of compliance, coupled with public concern about this new initiative, DoD initiated an internal assessment of CMMC 1.0 implementation 14 months after the initial release, informed by public comments in response to the interim DFARS rule. This programmatic assessment of CMMC engaged cybersecurity and acquisition leaders within DoD to refine policy and program implementation, which resulted in CMMC version 2.0. This article aims to inform readers about the new changes and fill some of the knowledge gaps left by the flood of resources on CMMC 2.0.

In November 2021, CMMC 2.0 officially entered our strategic planning as members of the DIB. Some of the key changes and highlights to know are:

While some speculate that CMMC 2.0 could be finalized no earlier than 24 months from its official announcement, members of the DIB must start preparing for its adoption now. Information security will only become more important. Organizations must find ways not only to become compliant but also to maintain an overall security posture that prevents and detects cyber threats. Being compliant while securing information means employing both administrative and technical controls.

