Your guide to CMMC 2.0 compliance requirements

Compliance with the Cybersecurity Maturity Model Certification (CMMC) 2.0 framework is no longer optional. It’s now a requirement for defense contractors doing business with the United States Department of Defense (DoD). Designed to safeguard sensitive government data, CMMC 2.0 strengthens protections across the Defense Industrial Base (DIB) against data theft, adversarial intelligence collection, and cybersecurity risks that could impact national security. 

Built on NIST 800-171 standards, CMMC 2.0 establishes clear cybersecurity expectations across the defense supply chain. With the DoD issuing a final Defense Federal Acquisition Regulation Supplement (DFARS) rule, CMMC requirements are now included as award criteria for new contracts—and apply when option years are exercised on existing contracts starting November 10, 2025. 

Our how-to guide walks through the core components of CMMC 2.0, explains what’s changed from previous models, and answers common questions defense contractors are asking today. Gain clarity on compliance levels, assessment requirements, and the necessary steps your organization should take to prepare. 

Explore the guide to understand CMMC 2.0 requirements and take the next step toward compliance.