top of page

Bluestreak™ is asking - 
How Secure is Your Data?
(And your customers' data?)

Anchor 1

The U.S. Department of Defense just released CMMC 2.0.
The evolution of CMMC comes with significant changes.


A couple of highlights include:

  •  The model is streamlined from 5 levels to 3 levels (essentially removing levels 2 & 4).

  •  CMMC 2.0 focuses on NIST standards. Per the DoD website: 

  • Level 1 in CMMC 2.0 (the “Foundational” level) includes 17 of the NIST 800-171 practices.

  • Level 2 in CMMC 2.0 (the “Advanced” level) will be the equivalent to the NIST SP 800-171. The extra 20 practices introduced in the former CMMC level 3 are removed.

  • Level 3 in CMMC 2.0 (the “Expert” level) (previously level 5) is currently under development but will be based on a subset of NIST SP 800-172 requirements.

  • Removing the requirement that all DoD contractors get certified by a third-party assessor. Per the DoD website:

“DoD’s intent under CMMC 2.0 is that if a DIB company does not process, store, or transmit Controlled Unclassified Information (CUI) on its unclassified network, but does process, store, or handle Federal Contract Information (FCI), then it must perform a CMMC Level 1 self-assessment and submit the results with an annual affirmation by a senior company official into SPRS.

Once CMMC 2.0 is implemented, self-assessments, associated with Level 1, and a subset of Level 2 programs, will be required on an annual basis. Third-party and government-led assessments, associated with some Level 2 and all Level 3 programs, will be required on a triennial basis.”

These changes to CMMC will be implemented through the rulemaking process, which will include a public comment period. Compliance with CMMC will be required once the rules go into effect. The current CMMC piloting effects are being halted, and DoD indicated they will not include a CMMC requirement in any contracts while the rulemaking efforts are ongoing.

Cover Image of Defense and Munitions Magazine

Written by Joe Coleman Cybersecurity Officer, Bluestreak Compliance™


Bluestreak Compliance™ can help reduce your Cybersecurity Risk.

Click here to learn about which of the 110 NIST 800-171 & CMMC Controls Bluestreak™ Currently Supports.

CMMc Model Structure ForWebsite-768x670
Contact Us
Contact Us
bottom of page