CMMC – Cybersecurity Maturity Model Certification
What is CMMC
CMMC stands for “Cybersecurity Maturity Model Certification”. Per the latest version of the CMMC Model, v1.02, the maturity level of an organization is assessed on a scale from “Basic Cybersecurity Hygiene” to “Advanced/Progressive”. The intent is to incorporate CMMC into the Defense Federal Acquisition Regulation Supplement (DFARS) and use it as a requirement for contract award, as published on https://www.acq.osd.mil/cmmc/updates.html.
Why Get CMMC
Currently, NIST 800-171 Rev 2: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations is used for compliance with CUI requirements. Its requirements apply to all nonfederal systems and organizations that process, store, and/or transmit CUI, or that provide protection for such components. Since compliance with this standard is not audited, DoD has planned a migration to CMMC in order to improve the cybersecurity posture of its defense vendors, the Defense Industrial Base. All DoD vendors, which number approximately over 300,000, will need to migrate to CMMC by 2025. CMMC has 5 levels, and the draft sets out the practices and processes that are to be achieved at each level. CMMC Levels 1-3 require meeting all 110 controls specified in NIST 800-171.
Benefits of CMMC