CmmC 2.0 Security Workshop for Microsoft 365

CMMC 2.0 builds upon the initial CMMC 1.0 framework to dynamically enhance DIB cybersecurity against evolving threats. The CMMC framework is designed to protect sensitive unclassified information that is shared by DoD and ensure accountability while minimizing barriers to compliance with DoD requirements. CMMC 2.0 will replace the five cybersecurity compliance levels with three levels that rely on well established NIST cybersecurity standards:

• Level 1: Foundational, based on basic cybersecurity practices.
• Level 2: Advanced, based on practices aligned with NIST SP 800-171.
• Level 3: Expert, based on all practices in Levels 1 and 2 augmented by NIST SP 800-172, which supplements NIST SP 800-171 to mitigate attacks from advanced cyber threats.

Under the CMMC program, DIB contractors will be required to implement certain cybersecurity protection standards, and, as required, perform self-assessments or obtain third-party certification as a condition of DoD contract award. For more information, see Securing the Defense Industrial Base CMMC 2.0.