Best Practice Guide: Cybersecurity Maturity Model Certification (CMMC)

Defense contractors are well aware of the Defense Federal Acquisition Regulation Supplement (DFARS), which mandates that Department of Defense (DoD) contractors adopt cybersecurity standards that follow the NIST SP 800-171 cybersecurity framework. Due to the slow adoption of the standards, the DoD has released the Cybersecurity Maturity Model Certification (CMMC) to ensure that the standards are being assessed properly and are adequate for addressing security requirements throughout the defense supply chain. With five possible maturity levels, the CMMC is intended to safeguard Federal Contract Information (FCI) at
Level 1, progress to protecting Controlled Unclassified Information (CUI) at Level 3 and reduce the risk of Advanced Persistent Threats (APT) to national security at Level 5.