In 2019, the Department of Defense (DoD) announced the development of the Cybersecurity Maturity Model Certification (CMMC) Program, which was then implemented in 2020 as an interim rule. We blogged about that way back in 2020. This program was designed to give a certification to contractors based on the depth and effectiveness of their cybersecurity systems to help ensure that contractors implement required security measures. As DoD put it, “[t]he CMMC model consists of maturity processes and cybersecurity best practices from multiple cybersecurity standards, frameworks, and other references, as well as inputs from the broader community.” In late December 2023, the DoD issued proposed changes to the CMMC program for “CMMC 2.0,” a plan that DoD began work on back in 2021. In this post, we will take a general look at these proposed changes. More