The Cybersecurity Maturity Model Certification (CMMC) program standardizes cyber protection standards for companies in the Defense Industrial Base (DIB). CMMC is a key component of the expansive DIB cybersecurity effort launched by the Department of Defense (DoD) to counteract national security threats in cyberspace.
In September 2020, the DoD published an interim rule to the Defense Federal Acquisition Regulation Supplement (DFARS) which implemented the DoD’s initial vision for the program (CMMC 1.0) and outlined the basic features of the framework.
In November 2021, the DoD announced CMMC 2.0, an updated and streamlined program structure.
CMMC 1.0 and 2.0 evolved out of NIST SP 800-171, which provides recommended security requirements for protecting the confidentiality of Controlled Unclassified Information (CUI) that resides in nonfederal systems and organizations.
In practice, CMMC 2.0 is a new development in the contract requirements placed on the DIB. With our Advanced Security and Compliance Add-on, contractors can easily meet CMMC 2.0 Level 2 file sharing standards and stay aligned with NIST SP 800-171.
Sharetru has proven an essential tool for government contractors to comply with the managed file transfer regulations published in NIST SP 800-171, so our platform is well equipped to handle CMMC 2.0 and beyond.
CMMC compliance allows your organization to bid on contracts and establish your organization as one that clients can trust.
Sharetru provides the controls you need to meet NIST SP 800-171, CMMC 1.0, and CMMC 2.0 Level 2 standards, making it easy for you to implement them in our platform with a simple guidance document that we provide.
Sensitive federal information residing in nonfederal systems and organizations must be protected. Any breach of this data can directly impact the federal government’s ability to carry out its designated missions and business operations.
To share CUI, compliance with CMMC 2.0 Level 2 is required. This entails implementing the same 110 controls specified in NIST SP 800-171. While not complying with CMMC doesn’t mean you’ll get fined, it still leads to revenue loss.
Why are they changing it?
Leveraging feedback from industry leaders, Congress, and other stakeholders, the DoD homed in on the most common themes. Comments on CMMC improvements included:
What does it cost?
CMMC 2.0 costs are projected to be significantly lower than before due to the DoD’s initiative to:
- Streamline requirements at all levels
- Allow some companies to perform self-assessments
- Increase oversight of third-party assessments
The DoD now allows companies to apply for waivers of CMMC requirements, subject to strict guidelines. Waivers help not only with the flexibility of CMMC implementation but also with its speed. Accelerating individual adoption of CMMC 2.0 will play a major role in overall adoption.
Has the reasoning or end goal of CMMC changed?
No, the CMMC features are largely unchanged from a high-level overview. The three key features of the CMMC framework are still:
Threat actors are getting smarter by the day. Prioritize protected file sharing to ensure sensitive data doesn't fall into the wrong hands and risk your contractor status. See how Sharetru does this for you and more by scheduling a demo today.