CMMC 2.0: Best Practices and Recommendations for a Cybersecurity Maturity Model Certification (CMMC) 2.0

ACT-IAC White Paper: CMMC 2.0: Best Practices and Recommendations for a Cybersecurity Maturity Model Certification (CMMC) 2.0
Developed by the Cybersecurity Community of Interest
Published September 21, 2022

This paper introduces the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) program, which seeks to increase the security posture of the vast defense industrial base, the hundreds of thousands of contractors the department contracts with. These vendors traffic in controlled unclassified information, data that is not classified but nonetheless creates a potential risk to the department. As an attempt to strengthen the base and reduce its cyber insecurity, this program sets out requirements vendors must meet to do business with the department. Although only three years old, the program is in its second version, CMMC 2.0. The paper starts with an overview of what CMMC is and how we got to version 2.0 before zooming in on the requirements. This paper was written by Master of Science in Information Systems students at the Indiana University Bloomington in partnership with the ACT-IAC Cybersecurity COI.

This paper was written by Master of Science in Information Systems students at the Indiana University Bloomington in partnership with the ACT-IAC Cybersecurity COI.