Draft 0.7 of the Cybersecurity Maturity Model Certification (CMMC) framework was released today by USD(A&S). Our initial takeaways regarding the changes from v0.6 to v0.7 are:
- There was no change to the number of domains, but additional capabilities were added to the following domains:
- There were no changes to the practices in Level 1.
- Three practices have been moved from Level 2 to Level 3.
- 2 practices from the Access Control domain
- 1 practice from Systems and Communications Protection domain
- Level 4 practices decreased by a total of 36, from 62 in v0.6 to 26 practices in v0.7.
- Level 5 practices decreased by a total of 10, from 26 in v0.6 to 16 practices in v0.7.
We will be releasing a more in-depth analysis of the changes between v0.6 and v0.7 soon.