What is Cybersecurity Maturity Model Certification (CMMC)?
The Cybersecurity Maturity Model Certification (CMMC) is a cybersecurity framework developed by the United States Department of Defense (DoD) to protect the sensitive data of the defense industrial base (DIB) and ensure that all contractors and subcontractors who work with the DoD meet a certain level of cybersecurity readiness.
The CMMC framework consists of five levels of cybersecurity maturity, ranging from basic cyber hygiene to advanced cybersecurity practices. Each level includes a set of cybersecurity practices and processes that contractors and subcontractors must implement to achieve compliance with the CMMC requirements.
The CMMC was developed in response to concerns about the increasing sophistication and frequency of cyberattacks targeting the DIB, and the potential risks to national security posed by a breach of sensitive defense information. By requiring all contractors and subcontractors to meet a minimum level of cybersecurity readiness, the DoD aims to improve the overall cybersecurity posture of the DIB and reduce the risk of cyberattacks and data breaches.
Under the CMMC framework, contractors and subcontractors who work with the DoD must undergo an assessment by a certified third-party assessment organization (C3PAO) to demonstrate their compliance with the required cybersecurity practices and processes. The results of the assessment are used to determine the contractor's or subcontractor's level of CMMC certification.