CMMC 2.0

CMMC 2.0 is the current version of the Cybersecurity Maturity Model Certification framework, streamlined from the original CMMC 1.0. Key changes include reducing the number of levels from five to three, aligning Level 2 directly with NIST SP 800-171, allowing self-assessment for some Level 2 scenarios, and introducing allowances for Plans of Action and Milestones (POA&Ms).

CMMC 2.0 was designed to reduce the compliance burden on small businesses while maintaining the security rigor the DoD needs. It eliminated the maturity processes and unique CMMC practices from version 1.0, making the requirements more straightforward and aligned with existing NIST standards.

Why It Matters

CMMC 2.0 is the version being implemented in DoD contracts through the CMMC Program Final Rule (32 CFR Part 170). Understanding the 2.0 framework ensures you're preparing for the correct set of requirements.