• Matross Edwards

DoD Releases CMMC Model v1.02

Today, the Department of Defense ("DoD") released Version 1.02 of its Cybersecurity Maturity Model Certification ("CMMC"), dated March 18, 2020.  According to the CMMC Errata, all fifteen changes were termed "Administrative" changes (as opposed to "Substantive" or "Critical" changes).  Some of the Administrative changes include, for example:

  • In practice AT.4.059, the references to NIST SP 800-53 Rev 4 AT-2(3), AT-2(4), AT-2(6), AT-2(7) were removed.

  • In practice CM.2.066, references to NIST CSF v1.1 PR.IP-3 and NIST SP 800-53 Rev 4 CM-4 were added.

  • The header Personnel Security (PS) was corrected to Physical Protection (PE).

  • In the last bullet of the CMMC Clarification Example, the term HTPS was corrected to HTTPS such that it reads: HTTP and HTTPS on port 443.

As many government contractors are aware, DoD intends on including the CMMC as a "go/no-go" threshold in requests for proposals ("RFP") beginning this fall with fifteen pathfinder contracts. That is, all DoD contractors––large and small, primes and subcontractors––will need to obtain a CMMC third-party certification to be eligible for defense contracts.

Notably, given that the novel coronavirus (COVID-19) pandemic is impacting the way Federal agencies and private entities conduct business, the timing of DoD's rollout could change.  Be sure to follow us on Twitter and LinkedIn for updates.

DoD CMMC Model Webpage


For background on the CMMC, check out the GovConJudicata Podcast's Introduction to CMMC.

You can listen to the podcast in a number of places, including:

You can also listen here:

. . .

#cyberjudicata #govconjudicata #cyber #govcon

Recent Posts

See All

President Signs New Space Policy Directive

On September 4, 2020, President Trump signed Space Policy Directive-5 (SPD-5), which establishes a set of cybersecurity principles designed to protect the nation's valuable "space systems" from a host

Debriefing and Bid Protest Tipsheet

The end of FY20 is around the corner, which means countless government contractors have recently received an award decision (or are patiently waiting for an award decision) from a federal agency. It a


Trusted Relationship.

Trusted Resource.

Washington, DC


© 2020 Matross Edwards LLC. All rights reserved. Attorney Advertising.

  • LinkedIn
  • Twitter
  • Podcast
  • gcj_box
  • cj_box
Matross Edwards - Logo.png