CMMC

The Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) is an assessment standard designed to ensure that defense contractors are in compliance with current security requirements for protecting sensitive defense information. The program is expected to go into effect in May 2023, at which point, CMMC will begin showing up in contracts. Whether organizations handle Controlled Unclassified Information (CUI) or Federal Contract Information( FCI) they will need to achieve CMMC compliance.
CMMC is the DoD’s definitive program to standardize cybersecurity practices for protecting Controlled Unclassified Information (CUI) throughout the defense industrial base (DIB). It will substantiate many of the existing cybersecurity regulations, which have applied until now to the protection of sensitive information but have been met with spotty compliance. Depending on the sensitivity of the information which the contractor handles, they will have to meet one of the 3 CMMC levels.

CMMC Objectives

1. Protect sensitive defense information from cyber attacks and nation state actors
2. Create a unifying cybersecurity standard for defense contractors
3. Ensure accountability for defense companies that are responsible for protecting government data

The new CMMC 2.0 levels are based on the type of information DIB companies handle.
Level 1 - Foundational
Level 2 - Advanced
Level 3 - Expert