✅ CMMC draws from NIST standards, the DoD, and the international security community; CMMC 2.0 focuses entirely on NIST 800-171 security safeguards
✅ One size does not fit all – different levels of security are necessary, depending on the contract and sensitivity of the data involved
✅ CMMC 2.0 won’t appear in contracts until the rulemaking goes through Congressional review; the rulemaking was published October 15, 2024, and should be effective mid-December 2024