CMMC Resources


What is CMMC Compliance?

CMMC stands for Cybersecurity Maturity Model Certification, and is the latest security framework mandated by the Department of Defense (DoD) for any contractor that sells into the DoD.

CMMC specifies a range of maturity levels that must be met and will be used by the DoD as qualification for vendor selection.

Who Needs To Be CMMC Certified?

Anyone in the defense contract supply chain. According to the DoD, “CMMC is intended to serve as a verification mechanism to ensure appropriate levels of cybersecurity practices and processes are in place to ensure basic cyber hygiene as well as protect controlled unclassified information (CUI) that resides on the Department’s industry partners’ networks.”

CMMC will replace the current ‘self-declaring’ model with third-party certification, and the resulting audit and certification process will establish compliance as a condition of doing business with the Defense Department.

What Is The CMMC Model?

DoD contractors will demonstrate compliance with required capabilities by showing adherence to practices and processes that have been mapped across the five maturity levels of CMMC.

Practices will measure the technical activities necessary to achieve compliance with a given capability requirement, while processes will measure the maturity of a company’s processes.

What Are The 5 Levels of CMMC?

The CMMC model has five defined levels, each with a corresponding set of practices and processes. Practices range from basic cyber hygiene (Level 1) to advanced/progressive capabilities (Level 5).

In parallel, processes step up from Level 1 (being performed) to Level 5 (being optimized across the organization).

Contractors must meet both associated practices and processes to achieve each specific CMMC level.


What are CMMC Domains?

The CMMC model consists of 17 domains. Many of these CMMC domains originated from the Federal Information Processing Standards (FIPS) 200 security-related areas and the NIST SP 800-171 control families.


Where Can I Get The Latest Information about CMMC?

Two great resources are CMMC Accreditation Body. and Office of the Under Secretary of Defense for Acquisition & Sustainment Cyber Security Maturity Model Certification.