CMMC (V 2.0) – NIST SP 800-171 and NIST SP 800-172
On November 5, 2021, the DoD announced its strategic direction of the CMMC program.
The original goal of safeguarding sensitive information has been retained. The framework has been simplified minimizing barriers to comply with DoD requirements.
The number of levels has been reduced from five to three with the number of controls reduced.
The CMMC Version 1.0 vs Version 2.0:
The number of controls in each level of Version 2.0 are as follows along with the requirements:
Below is a list of domains and controls for both NIST 800-171/172. As you can see, NIST 800-172 includes all of NIST 800-171 requirements with additional requirements in certain domains.
For more information on CMMC or other Information Security Standards such as the ISO 27000 series, contact PJC.