What is CMMC?
CMMC stands for Cybersecurity Maturity Model Certification. CMMC is a unifying standard for implementing cybersecurity controls across the Defense Industrial Base (DIB). The CMMC framework includes a comprehensive and scalable certification element to verify the implementation of processes and practices associated with the achievement of the cybersecurity maturity level. In other words, your company must pass an assessment by a certified CMMC assessor to attain a specific level of maturity.
CMMC is designed to provide increased assurance to the Department of Defense that a DIB company can adequately protect sensitive unclassified information, accounting for information flow down to subcontractors in a multi-tier supply chain.
The DoD is currently revising the program and will issue interim guidance in May 2023 with final implementation 60 days after publication. Once issued, CMMC compliance will be mandatory for all new DoD contracts and all current contracts at time of renewal.