When will CMMC 2.0 be required?

The Office of the Under Secretary of Defense for Acquisition and sustainment (OUSD(A&S)) does not intent to approve inclusion of a CMMC requirement in any contract prior to completion of the CMMC 2.0 rulemaking process.

Once CMMC 2.0 is codified through rulemaking, the department will require companies to adhere to the revised CMMC framework according to requirements set fourth in regulation.


Who within the supply chain is required to become certified?

All Department of Defense contractors with contracts over $10,000 must be CMMC certified. The only other exception is contracts for Commercial Off-the-Shelf (COTS) products.


Do all sub-contractors need to achieve CMMC certification?

All subcontractors who handle CUI within their infrastructure and/or in the duration of the contracts they serve are required to become CMMC Certified. 


Will prime contractors and subcontractors be required to maintain the same CMMC level?

If contractors and subcontractors are handling the same type of FCI and CUI, then the same CMMC level will apply. In cases where the prime only flows down select information, a lower CMMC level may apply to the subcontractor.


Who needs a CMMC certification?

Any organization in the DoD supply chain that contains federal contract information (FCI) or CUI controlled unclassified information (CUI) will have to comply with CMMC standards. Organizations that only have access to FCI will need to comply at Level 1, whereas organizations with access to CUI will have to comply at Level 2 or 3. 


What are the different websites linked throughout the site?

CMMC Insights and CMMC Requirements are both brands of InfoDefense. All other websites linked are resources referenced during the creation of content on this site. 

What is CMMC Requirements?

The new cmmcrequirements.com is coming soon.

CMMC Requirements is an e-commerce site for contractors who are looking for customizable documentation templates. Shop templates for System Security Plan, Plan of Action & Milestones, and Policies & Standards, and browse free guides and tools to help you reach CMMC compliance efficiently and cost-effectively.

How should I navigate through the CMMC Insights, CMMC Requirements, and InfoDefense websites? 

CMMC Insights

  • Understanding CMMC requirements is a vital initial step to certification. CMMC Insights is the starting point for learning all things relating to CMMC/NIST SP 800-171 in a clear, helpful format. 

CMMC Requirements

  • After Insights, CMMC Requirements offers free guides and tools to help you to start your CMMC journey. After learning all the different options you have for compliance, we offer the next step for certification by providing customizable documentation templates. CMMC Requirements is coming soon.


  • InfoDefense, Inc., is an established cybersecurity service provider that offers cost-effective compliance solutions for small to medium-sized businesses. To receive expert compliance advice or personalized quotes for our comprehensive CMMC compliance solution, CyberSecure 360, contact us.