CMMC Compliance

The new Cybersecurity Maturity Model Certification (CMMC) is the US Department of Defense’s response to numerous compromises of sensitive defense information sitting on contractors’ information systems. CMMC provides a unified standard for implementing cybersecurity throughout the Defense Industrial Base (DIB), with a framework that better assesses and improves the cybersecurity posture of the DIB. The CMMC incorporates pre-existing standards and regulations such as NIST SP 800-171, 48 CFR 52.204-21 and DFARS clause 252.204-7012.

Furthermore, the CMMC establishes five certification levels. Each level demonstrates the maturity and reliability of a company’s cybersecurity capabilities, and so whether the company can be trusted to safeguard government information on its own information systems. The purpose of the CMMC is to ensure that sufficient levels of cybersecurity practices and processes are in place to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) that sit on the DIB’s network.