The Cybersecurity Maturity Model Certification (CMMC) is a regulation framework for DoD contractors. The CMMC program evolved as a more robust response to ineffective cybersecurity measures set out in the Defense Federal Acquisition Regulation Supplement (DFARS).
CMMC requires that government contractors protect their Controlled Unclassified Data (CUI) by implementing the NIST 800-171 controls and having them verified by a Certified Third-Party Assessment Organization (C3PAO).
The CMMC framework is outlined by five different distinct levels. Each level has varying degrees of cybersecurity implementation requirements and processes.
Level 1 - Foundational - Annual Self-Assessment
Level 2 - Advanced - Triannual third-party assessment for 3rd Party Controls
Level 3 - Expert - Triannual government-led assessments
More about CMMC Services
