The Department of Defense (DoD) has announced the final rule for Cybersecurity Maturity Model Certification (CMMC) 2.0, and contractors will be expected to meet these standards in 2025. The new guidelines were officially published in the Federal Register on October 15, 2024.
The CMMC program features a three-tier cybersecurity framework that requires defense contractors handling Controlled Unclassified Information (CUI) or Federal Contract Information (FCI) to achieve compliance at one of the three levels based on the sensitivity of the data. The CMMC 2.0 framework is designed to protect DoD data stored, processed or transmitted on contractor systems from exploitation by ensuring adherence to widely accepted NIST security controls.
This final rule comes after years of work to refine the original CMMC framework, making the requirements clearer for contractors. The revised model permits contractors at Level 1 to perform self-assessments of their cybersecurity compliance. However, those working with more sensitive data will be required to undergo third-party assessments or evaluations by the Defense Industrial Base Cybersecurity Assessment Center to ensure they meet the necessary standards.
Auditwerx is a candidate C3PAO ready to assist with your organization’s CMMC Readiness needs. As a trusted compliance partner, Auditwerx offers high-quality reporting paired with the industry knowledge you need for a seamless reporting experience.
