American Made Advocacy: Smart Policies Can Ensure AI Data Centers Are Secure
Beyond the Board: Early Engagement Means Faster Prototyping for Defense Programs
Defense Speak Interpreted: The Autonomous Plane Battle—Skyborg Vs. Loyal Wingman
The Double-edged Sword of CMMC 2.0
June 6, 2022 | Divyash Patel, MX2 TechnologyEstimated reading time: 2 minutes
For the past few years, those whose SMT provider organizations supply or contract with the U.S. Department of Defense (DoD) have been hearing about—or even gearing up for—implementation of the Cybersecurity Maturity Model Certification (CMMC) program. By this, I mean that you were gearing up for CMMC 1.0. Today, we have CMMC 2.0, and there are several changes in the new version that impact both the standards for compliance and how you certify that compliance—especially if you run a small business.
Small businesses are the backbone of the defense industrial base (DIB), just as they are for the entire economy. As both patriots and businesspeople, I’m sure most contractors serving the DoD support the goals of the CMMC program: ensuring the security of sensitive data up and down the supply chain. I’m also certain that the CMMC 1.0 rules, which went into effect in November 2020, caused more than a little stress and anxiety for smaller contractors. Why? Because CMMC 1.0 required contractors to undergo an examination by a Certified Third-Party Assessment Organization (C3PAO) to become certified.
When it became clear that the burden CMMC 1.0 placed on small contractors was significant enough to potentially force some out of the DIB, the DoD hit pause on the CMMC program. In fact, the official in charge of the CMMC’s implementation came out and said one of the main goals of revising the program was to decrease the cost burden on small businesses. As a result, the DoD scrapped CMMC 1.0 and announced CMMC 2.0 in November 2021. The full 2.0 framework is expected to be released sometime next year.
But don’t make the mistake of thinking the government will kick the CMMC can down the road once again when 2023 rolls around. I fully expect CMMC 2.0 to come online when the rules are final.
At a high level, the two major changes that will likely affect you are the new tiers of security and the shift to annual self-attestation of compliance.
The original CMMC defined five levels of security. CMMC 2.0 has three:
- Foundational
- Advanced
- Expert
For most of you, the newly collapsed levels won’t change the practical compliance requirements. This is good news. Most contracts will fall into Level 1, so any work you have done to this point to achieve Level 1 compliance under CMMC 1.0 has not been wasted. The new framework relies on the same 17 baseline security controls used in the prior version—more on those controls in a moment.
The key distinction between Level 1 and Level 2 under CMMC 2.0 has to do with the type of information you handle. Level 1 focuses on securing federal contract information (FCI), for which there are no national security concerns. The bar for Level 1 is not set very high— it is essentially developing and maintaining good baseline cybersecurity policies and procedures. In my view, this is something any company should do; it’s just a good business practice.
To read this entire article, which appeared in the June 2022 issue of SMT007 Magazine, click here.
Share on:
Testimonial
"Advertising in PCB007 Magazine has been a great way to showcase our bare board testers to the right audience. The I-Connect007 team makes the process smooth and professional. We’re proud to be featured in such a trusted publication."
Klaus Koziol - atgSuggested Items
BAE Contract Agreed with the Republic of Türkiye for Typhoon Aircraft
10/28/2025 | BAE SystemsThe UK Government has announced a c.£5.4 billion agreement with the Republic of Türkiye for the purchase of 20 Typhoon aircraft and an associated weapons and integration package, sustaining more than 20,000 highly skilled jobs across the UK supply chain.
SMTAI 2025 Review: Reflecting on a Pragmatic and Forward-looking Industry
10/27/2025 | Marcy LaRont, I-Connect007Leaving the show floor on the final afternoon of SMTA International last week in Rosemont, Illinois, it was clear that the show remains a grounded, technically driven event that delivers a solid program, good networking, and an easy space to commune with industry colleagues and meet with customers.
The Training Connection, LLC Welcomes Industry Veteran Jack Harris to Lead Training Partnerships
10/07/2025 | The Training Connection LLCThe Training Connection, LLC (TTC-LLC), a premier provider of test engineering and development training, is proud to announce that Jack Harris, one of the most recognized names in electronics manufacturing training and technical development, has joined the company as Relationship Lead, Training.
Alpha Insights, Performance by Design: The Future of PCB Manufacturing in the Midwest
10/07/2025 | Team Alpha -- Column: Alpha Insights: Performance by DesignFor years, Midwest PCB manufacturing was often viewed as a low-cost, high-volume business—good for standard builds but not for the high-reliability programs that demand tight process control. Defense primes and medical OEMs frequently turned to coastal or overseas suppliers for advanced work.
Schweizer Ends Staff Restructuring Measures and Short-Time Working at the Schramberg Site
10/01/2025 | Schweizer Electronic AGSchweizer Electronic AG has implemented comprehensive measures to adjust its cost and personnel structure at its Schramberg site due to strong market fluctuations in the automotive and industrial electronics sector. Thanks to the successful restructuring, short-time working can now be ended with immediate effect. A stable order situation is expected for the fourth quarter, with signs of growth momentum returning in 2026.