The answer to that question is... Kind of, yeah! Which, to be honest, is going to take some getting used to, because even though we knew it was coming, we've done so much NIST compliance work that it's still kind of strange... But I digress!
The goal of CMMC is to simplify the cybersecurity process for contractors by combining best practices of various requirements and regulations. According to the Office of the Under Secretary of Defense for Acquisition & Sustainment FAQ Page:
- "The intent of the CMMC is to combine various cybersecurity control standards such as NIST SP 800-171, NIST SP 800-53, ISO 27001, ISO 27032, AIA NAS9933 and others into one unified standard for cybersecurity. In addition to cybersecurity control standards, the CMMC will also measure the maturity of a company’s institutionalization of cybersecurity practices and processes."
- "Unlike NIST SP 800-171, CMMC will implement multiple levels of cybersecurity. In addition to assessing the maturity of a company’s implementation of cybersecurity controls, the CMMC will also assess the company’s maturity/institutionalization of cybersecurity practices and processes."