Cybersecurity Maturity Model Certification (CMMC): Here is What You Need to Know!

The US Department of Defense has introduced the Cybersecurity Maturity Model Certification (CMMC) to normalize and standardize cybersecurity for the Federal Government and Defense Industrial Base (DIB). The CMMC is a unified standard that implements cybersecurity across the DIB, including over 300,000 companies in the supply chain. It is DoD’s response to a significant compromise of sensitive defense information contained in contractors’ information systems.

CMMC Maturity Process Progression — Source: DoD

When the Department of Defense realized that under NIST SP 800–171 it needed more structure than self-certification and compliance it began to develop what would later become the Cybersecurity Maturity Model Certification (CMMC). Contractors are responsible for implementing, monitoring, and certifying the security of their information technology systems and the sensitive DOD information they store and transmit on these systems.

The Department of Defense (DoD) published version 1.0 of the proposed CMMC framework in January…