What Is CMMC?
Cybersecurity Maturity Model Certification
CMMC is a U.S. Department of Defense (DoD) program that applies to Defense Industrial Base (DIB) contractors. It is a unifying standard and new certification model to ensure that DoD contractors properly protect sensitive information. The CMMC standard is built off of the NIST 800-171 framework.
Why is CMMC important?
DIB contractors hold and use sensitive government data to develop and deliver goods and services. CMMC helps ensure that they secure this information the same way that military departments and government agencies do.
What’s different about CMMC?
The U.S. government provided cybersecurity guidance for contractors for many years, but there was no way for contractors to prove how strong their cyber programs were. CMMC introduces a new set of certifications, conducted by third-party assessors. Contractors must achieve certification before they can win future government contracts.
Does CMMC apply to all government contractors?
Today CMMC applies only to DoD contractors, and the DoD is now beginning to require certification with certain contracts. In the future, CMMC may apply all non-DoD government contractors as well.