If you feel like you’re stuck in a continually changing traffic roundabout called CMMC, we empathize with you. It’s our job to keep up with the latest requirements, and we’re more than happy to spend time answering your questions, so please feel free to submit a contact request, and one of our experts will contact you shortly.
For those of you that want to “level up” yourself, here’s a quick summary of CMMC “Two Point O” (CMMC 2.0):
- On November 4th, the DOD announced changes to CMMC with the introduction of CMMC 2.0. For companies that handle CUI, they announced 20 of the practices were being removed. They also stated that HALF of the CUI-handling contractors would be allowed to skip the C3PAO audit and self-attest to their own compliance. That gave financial relief to about 40,000 contractors.
- On Feb 3rd, they announced the CMMC program has been moved from the Office of the Under Secretary for Acquisition and Sustainment, where the program was created to the CIO of the DOD.
- On Feb 10th, the CIO of the DOD held the first of three CMMC Town Halls to present these changes in more detail. The most newsworthy item was a clarification that ALL Contractors handling CUI would have to use a C3PAO for their compliance accreditation. This totally contradicted the Nov 4th announcement and means that all ~80,000 CUI-handling contractors would have to pay for a C3PAO formal accreditation. So, we’ve traveled all the way back to Nov 3rd, except for the relief of those 20 practices*. Yes, that is an asterisk. Yes, it’s likely we will see most of those return. Read more below.
- Today, the second Town Hall was given. In the invite description as well as at the beginning of the Town Hall, it was announced that all three town halls are identical so if you were in the first one, they would prefer you not attend this one or the one next week as call resources were limited and this is in high demand. Plus, it would be mostly the same…except it wasn’t!
- During this second “identical” call, they contradicted the first Town Hall by re-clarifying that SOME CUI-handling contractors COULD Self Attest. So now it seems we have circled around to the original Nov 4th announcement of CMMC 2.0, except it is “some” and not “half”. Really, we couldn’t make this stuff up to be more confusing than the reality.
So, what does this really mean? Well, for one thing, it likely means everyone will be on next week’s Town Hall against the DOD’s desire and direction.
More importantly to you, it means you need an experienced, trusted partner that can help you reduce your risks of compliance against the reality of your budget. Helping you reduce the risks you face by meeting your compliance requirements at the lowest impact to your business has been Sentar’s core swim lane since anyone first heard of DFARS 252.204-7012. At least that hasn’t changed.
There are clearly defined things you can do today that have not and will not go away. There are other things you can plan on doing for minimal impact to your costs that will reduce the risk caused if your requirements do or don’t change. Most of Sentar’s revenue comes from working as a defense contractor under the same exact compliance requirements you face. We won’t steer you wrong – we’re going in exactly the same direction as you are. Feel free to reach out. We’ll help you pick the right roadmap forward, often without asking you to spend a dime. Let’s talk!