This year, the federal government is expected to implement the Cybersecurity Maturity Model Certification (CMMC) for contractors.
- CMMC 2.0 is going to have three levels. Level one is about 15 controls and is a self-certification for contractors who don’t handle secret information, level two is for those who have access to classified information and is about 110 controls and level three has not been defined yet, Eric Crusius, partner at Holland & Knight LLP, stated.
- A risk with self-certification is people stating that they are certified and compliant when they are not actually, Crusius explained.
- Contractors should start getting ready for CMMC 2.0 by going through the controls to see which ones they are compliant with, he said.