ediverse Explore the platform

Spotlight PEPPOL BIS Billing 3.0 The EU e-invoicing mandate is here — France Sept 2026, Belgium Jan 2026, Germany 2025.

Cybersecurity Maturity Model CMMC

CMMC 2.0 DoD mandatory DIB cyber certification.

Definition

CMMC 2.0 has 3 levels: Level 1 Foundational (FCI, 17 controls FAR 52.204-21), Level 2 Advanced (CUI, 110 controls NIST SP 800-171 r2), Level 3 Expert (~critical CUI, NIST SP 800-171 r2 + 24 controls NIST SP 800-172). Final rule 32 CFR Part 170 published October 2024, applicable mid-2025 phased. C3PAOs (Certified Third-Party Assessor Organizations) accredited by Cyber AB.

Origin

DoD, CMMC 1.0 January 2020, CMMC 2.0 November 2021, final rule 32 CFR Part 170 October 2024.

Usage

Mandatory for any DoD contractor from mid-2025. Contracts cascade in progress.

Related terms

  • NIST SP 800-171 — standard sous-jacent.
  • CUI — donnée protégée.
  • Cyber AB — accréditeur C3PAO.

Last updated: May 18, 2026