This session explains how CMMC 2.0 intersects with existing DFARS cybersecurity requirements, and what that overlap means in practice for defense contractors.
Participants will examine how CMMC builds on DFARS 252.204-7012 and NIST SP 800-171 rather than replacing them, including where requirements are truly identical, where expectations have been clarified, and where enforcement is materially changing. The discussion helps separate what organizations may already have in place from what still requires remediation or stronger evidence.
Topics include:
The relationship between DFARS 252.204-7012, NIST SP 800-171, and CMMC
Which existing controls and documentation can be leveraged
Where CMMC raises the bar through assessment and validation
Common misconceptions that lead to overconfidence or gaps