The original CMMC (version 1.0) was based on several cybersecurity guidelines, most prominently NIST 800-171. With the announcement of CMMC version 2.0 in early November 2021, however, the alignment between the frameworks and the NIST document has changed a bit. Fortunately, this change seems to be for the better, or at least more intuitive, for assessors and contractors.

Here, we’ll discuss how the new CMMC 2.0 assessment levels align with NIST 800-171 and how this can help contractors more readily meet their security obligations once the new framework goes into effect.