, , , , , , , , , , , ,

What to Know About CMMC 2.0

The Cybersecurity Maturity Model Certification (CMMC)

The Department of Defense (DOD) believes that security is a foundational aspect of all purchase decisions and should not be sacrificed for cost, schedule, or performance. The first version of the Cybersecurity Maturity Model Certification (CMMC) program was released in 2020. Its original purpose is to be a verification mechanism to ensure that all appropriate levels of cybersecurity practices and processes are in place amongst companies in the Defense Industrial base (“DIB”) and to protect controlled unclassified information (CUI) and Federal Contract Information (FCI) that reside on the Department’s industry partners’ networks. It builds upon existing regulation (DFARS 252.204-7012) that is based on trust by adding a verification component with respect to cybersecurity requirements.

In November 2021, in response to more than 850 public comments, the DOD announced a significant revamp of the program, known as CMMC 2.0. CMMC 2.0 is expected to significantly reduce the regulatory burden on companies in the Defense Industrial Base (“DIB”) while ensuring companies still maintain sufficient safeguards needed to protect federal information.

Corgevity AIM for CMMC 2.0


A Corgevity CMMC 2.0 Registered Practitioner will conduct a gap analysis and identify key actions that need to be met to satisfy CMMC 2.0 requirements and achieve Government compliance.


Corgevity will create a plan of action to remediate the gaps between your company’s current security posture and the Cybersecurity Maturity Model’s requirements.


Corgevity will create and implement a system maintenance plan of action dedicated to keeping your company’s security future proof as CMMC continues to mature.