CMMC 2.0 vs CMMC 1.0: What Are the Key Changes?

Chris Turn May 11, 2023

CMMC 2.0 has made several changes in comparison to CMMC 1.0. Here are the 6 key changes:

1. Introduction of Assessor Credentialing Process

In order to become a certified assessor, individuals must now go through a formal credentialing process determined and managed by the CMMC Accreditation Body. With this new process, assessors must demonstrate relevant experience and knowledge in the cyber security field and be knowledgeable in the CMMC standard.

2. Clarifying the Scope of Assessment

The scope of assessment has been clarified to include organizations and their associated processes, systems, and information that support controlled unclassified information (CUI) handling operations.

3. Increasing Focus on Organizational Performance Measures

Under CMMC 2.0 organizations must meet certain performance measures such as the proportion of CUI-handling operations and processes that are subject to audit or assessment. The performance measures will be used to measure an organization’s overall security posture and compliance.

4. Introduction of Process and Activity Level Controls

CMMC 2.0 incorporates process-level and activity-level controls, which mandate specific security activities, such as authentication requirements for users with privileged access rights. For the first time, CMMC 2.0 requires organizations to explicitly document and control their processes for handling CUI.

5. Greater Focus on Cybersecurity Domain Requirements

CMMC 2.0 requires organizations to meet certain cybersecurity domain requirements for each of the five maturity levels, such as asset management and incident response. The focus is now on the value of preventive measures, such as user awareness training and risk assessments.

6. Introduction of Multiple Assessment Guidelines

Under CMMC 2.0, organizations are assessed in accordance with multiple assessment guidelines, which detail the steps required to successfully assess the organization on its maturity and performance levels. There are four assessment guidelines: initial, interim, repeat and continuous.

These changes demonstrate CMMC’s commitment to providing organizations with a comprehensive cybersecurity standard that meets the needs of CUI-handling operations. Whether you are an organization looking to implement CMMC or an assessor interested in certifying third-party assessments, understanding these 6 key changes is essential.

More Stories

How to Design Eye-Catching Dimensional Signs for Your Business

Chris Turn April 18, 2024

How Often Should You Check on Your RV in Storage?

Chris Turn April 17, 2024

Storage Solutions on a Budget: Cost-Effective Strategies for Small Business Owners

Chris Turn April 17, 2024

You may have missed

How to Design Eye-Catching Dimensional Signs for Your Business

Chris Turn April 18, 2024

How Often Should You Check on Your RV in Storage?

Chris Turn April 17, 2024

Storage Solutions on a Budget: Cost-Effective Strategies for Small Business Owners

Chris Turn April 17, 2024

Navigating Medical Malpractice: Understanding Your Rights and Options

Chris Turn April 17, 2024

The History of Men’s Wedding Bands

Chris Turn April 16, 2024