Glossary »

CMMC 2.0


CMMC 2.0 stands for Cybersecurity Maturity Model Certification 2.0, an updated framework mandated by the U.S. Department of Defense (DoD) for all Defense Industrial Base (DIB) businesses.


CMMC 2.0 is designed to enhance the cybersecurity posture of the DIB, which includes all suppliers and contractors working with the DoD. This updated version aims to be more flexible and accessible for businesses of all sizes, especially small businesses. It is fundamentally based on the NIST 800-171 standard and adds a certification layer to protect Controlled Unclassified Information (CUI) and Federal Contract Information (FCI).

Key Points:

  • Mandatory for DoD Contractors: Non-compliance could result in the loss of DoD contracts.

  • Based on NIST 800-171: If you're already compliant with NIST 800-171, you have a head start.

  • Time-Sensitive: The expected final date for compliance will likely be October 2025. The DoD indicates that achieving compliance can take anywhere from 9-24 months.

  • Cultural Shift: Achieving compliance often requires a significant change in company culture to prioritize cybersecurity.

Relevant for DCS Clients:

DCS clients utilizing our advanced cybersecurity stack and fully managed services are well-positioned for CMMC 2.0 compliance. DCS has existing relationships with C3PAOs who can certify you if required.