CMMC 2.0: What DoD Contractors Need to Know

2025 promises to be a very busy year for the Department of Defense (DoD) and its contractors. In October 2024 the department issued a new rule implementing the Cybersecurity Maturity Model Certification (CMMC) 2.0 program, requiring contractors to implement required security measures to protect federal contract information (FCI) and controlled unclassified information (CUI).

The rule rolls out the requirements in four phases over the course of three years, setting cybersecurity standards at progressively advanced levels, depending on the type and sensitivity of the CUI/FCI held by the contractor. DoD will verify the implementation of the cybersecurity requirements.

The CMMC rule adds to the urgency of meeting the federal Zero Trust (ZT) architecture mandate and establishing strong identity controls and access management (ICAM).

Learning Objectives:

• Evaluate the intersection of CMMC, Zero Trust, ICAM, and a Security Service Edge to understand the ways they reinforce each other and the steps your agency can take to implement them
• Review the different categories for controlled unclassified information and the cybersecurity measures required for each level
• Delineate the processes and tools in place to meet CMMC 2.0 requirements and identify any cybersecurity gaps that need to be addressed