• Matross Edwards

DoD Releases CMMC Model v1.02

Today, the Department of Defense ("DoD") released Version 1.02 of its Cybersecurity Maturity Model Certification ("CMMC"), dated March 18, 2020.  According to the CMMC Errata, all fifteen changes were termed "Administrative" changes (as opposed to "Substantive" or "Critical" changes).  Some of the Administrative changes include, for example:

  • In practice AT.4.059, the references to NIST SP 800-53 Rev 4 AT-2(3), AT-2(4), AT-2(6), AT-2(7) were removed.

  • In practice CM.2.066, references to NIST CSF v1.1 PR.IP-3 and NIST SP 800-53 Rev 4 CM-4 were added.

  • The header Personnel Security (PS) was corrected to Physical Protection (PE).

  • In the last bullet of the CMMC Clarification Example, the term HTPS was corrected to HTTPS such that it reads: HTTP and HTTPS on port 443.

As many government contractors are aware, DoD intends on including the CMMC as a "go/no-go" threshold in requests for proposals ("RFP") beginning this fall with fifteen pathfinder contracts. That is, all DoD contractors––large and small, primes and subcontractors––will need to obtain a CMMC third-party certification to be eligible for defense contracts.

Notably, given that the novel coronavirus (COVID-19) pandemic is impacting the way Federal agencies and private entities conduct business, the timing of DoD's rollout could change.  Be sure to follow us on Twitter and LinkedIn for updates.

DoD CMMC Model Webpage


For background on the CMMC, check out the GovConJudicata Podcast's Introduction to CMMC.

You can listen to the podcast in a number of places, including:

You can also listen here:

. . .

#cyberjudicata #govconjudicata #cyber #govcon

Recent Posts

See All

Event: Top Reasons for Intervening in Bid Protests

On April 14, 2021 at 3:00PM EST, managing partner and bid protest attorney Joshua Duvall will lead a Matross "Cup O' Counsel" Educational Coffee Break Series event on "Top Reasons for Intervening in B

Joshua Duvall Successfully Recertifies as a CISSP

We are pleased to announce that managing partner Joshua Duvall successfully fulfilled the requirements by (ISC)² to recertify as a Certified Information Systems Security Professional ("CISSP"), a cert


Trusted Relationship.

Trusted Resource.

  • LinkedIn
  • Twitter
  • Podcast
  • gcj_box
  • cj_box

Washington, DC


© 2020 Matross Edwards LLC. All rights reserved. Attorney Advertising.

Matross Edwards - Logo.png