CMMC 2.0

Phy-Cy.X Security Group, LLC become the second CMMC RPO in Wichita, Kansas.

As CMMC progresses on, effective Nov 30, 2020 an interim DFARS rule is being integrated where all DOD contractors whom currently self attest to NIST 800-171 will need to have a BASIC assessment conducted and score provided to the Supplier Performance Risk System in order to remain eligible for contract awards. Call us today to see how we can help you conduct a NIST assessment utilizing the Assessment Methodology to generate your score and post to the SPRS.


The DOD has recently updated CMMC to version 2.0. There were significant changes to the framework and the way certification is obtain. The framework has been updated to reflect three levels vice five levels as was present in version 1.0.

Level 1 has been updated to self-assessment and no longer needs a third party audit to obtain certification.

Level 2 has been aligned with NIST 800-171 where the additional 20 items have been removed. Self-assessment and third party audits are to be expected within some capacity at this level as the requirements are further refined.

Level 3 is currently in development but should be expected to align with NIST 800-172 with some additional requirements.