Big Changes in CMMC – Learn from Two MSPs who specialize in the DIB

In this video, Jennifer VanderWeer and Andy Sauer discuss the recent changes in the CMMC framework and what it means for MSPs and contractors. They delve into the implications of the rollback in requirements and how it affects cybersecurity practices, emphasizing the importance of maintaining a strong security posture regardless of regulatory changes. The conversation highlights the balance between compliance and security, providing insights into how businesses can navigate these regulatory shifts while ensuring robust cybersecurity measures.

• CMMC 2.0 introduced changes that simplify the certification process by reducing levels and eliminating some controls, which aims to make compliance more attainable for companies.
• The self-attestation process has been reintroduced at Level 1, shifting some of the responsibility back to companies to self-assess their compliance, which might reduce the urgency but maintains the legal obligation.
• MSPs are encouraged to focus on building strong cybersecurity practices in general, rather than solely aiming to pass specific assessments, ensuring readiness for real-world threats.