CMMC

The Cybersecurity Maturity Model Certification is a DoD framework for assessing and certifying contractor cybersecurity practices. CMMC requires third-party assessment of contractor security controls before they can bid on contracts involving Controlled Unclassified Information (CUI).

CMMC has multiple levels with increasing security requirements. Contractors must achieve certification at the level required for specific contracts. The program is being phased in through contract clauses and will eventually apply broadly to the Defense Industrial Base. Achieving CMMC certification requires documented policies, implemented controls, and passing third-party assessment.