The Cybersecurity Maturity Model Certification (CMMC) is a certification procedure developed by the Department of Defense (DoD) to certify that contractors working with the DoD have the controls in place to protect sensitive data. CMMC replaces the previous self-attestation model and moves to certification via CMMC Third Party Assessment Organizations (C3PAOs). The CMMC Model is based on the best-practices of different cybersecurity standards, including NIST SP 800-171, NIST SP 800-53, ISO 27001, ISO 27032, AIA NAS9933, and others into one cohesive standard for cybersecurity.
The CMMC Model has three defined levels, each with a set of supporting practices and processes. Practices range from Level 1 (foundational) to Level 3 (expert). To meet a specific CMMC level, an organization must meet the practices and processes within that level and all levels below. The DoD will specify the required CMMC level an organization must possess when releasing Requests for Information (RFIs) and Requests for Proposals (RFPs).
.png?width=58&height=58&name=target%20(1).png)
.png?width=63&name=slot-machine%20(1).png)
.png?width=58&name=factory%20(1).png)
.png?width=58&name=finger%20(1).png)
.png?width=58&name=review%20(1).png)
