Manufacturers: Are you ready for CMMC 2.0?

Ashley Chambliss
If your firm provides services at any point in the Defense supply chain, you know how important it is to secure it through the Cybersecurity Maturity Model Certification (CMMC) standard. Are you aware that a CMMC 2.0 version is coming? Is your business ready? Now is the time to be proactive, along with your IT provider, so that you are not waiting until the most current version is released before you work on the foundational necessities to remain compliant.

Read more: Is your IT firm a registered CMMC provider? 

What is CMMC? 

The Cybersecurity Maturity Model Certification is an accreditation earned by Defense Industrial Base (DIB) companies to ensure compliance with the Department of Defense and a secure supply chain. The manufacturing industry needs to be particularly aware of any updates and changes to the CMMC.

According to the Office of the Under Secretary of Defense for Acquisition & Sustainment website, the "Cybersecurity Maturity Model Certification (CMMC) framework includes a comprehensive and scalable certification element to verify the implementation of processes and practices associated with the achievement of a cybersecurity maturity level. CMMC is designed to provide increased assurance to the Department that a DIB company can adequately protect sensitive unclassified information, accounting for information flow down to subcontractors in a multi-tier supply chain." 

What is different about CMMC 2.0? 

Two of the main updates are the allowance of Plans of Action and Milestones (POA&Ms) and the allowance of waivers on a very limited basis. Previously, these two items were not allowed.

To learn more on CMMC 2.0 updates, visit  

What should I be doing now to get ready for CMMC 2.0? 

We are finding that some companies are surprised when their customers mandate that they become accredited before they bid on work. Up the supply chain, we are seeing that firms are having to prove their credentials are in place or they are losing business.

Now is the time to get the foundational layers of business in place to ensure you are proactively acting when the time comes for audits. You do not want to have to play catch-up and run this risk. 

Watch now: The Role of the Business Leader in Cybersecurity for the Modern Workplace 

What is a CMMC registered provider? 

Registered Provider Organizations in the CMMC ecosystem are authorized as familiar with the basic constructs of the CMMC Standard to provide advice, consulting, and recommendations to their clients.  They are the “implementers” and consultants but do not conduct Certified CMMC Assessments.  

As a registered CMMC provider, Thriveon helps clients by guiding and implementing the policies, controls, and evidence needed to meet ever-maturing cybersecurity standards. 

Next Steps with CMMC 2.0  

By working with providers like Thriveon to optimize and align your cybersecurity standards, you position your organization well against cyber attacks and for any future updates to the CMMC. We are approved by CMMC to bring clients into compliance and get your firm audit-ready. We're prepared to bring companies from no security to fully ready to pass the audit. Contact us today so we can begin to assess your cybersecurity needs.
