CMMC is a DoD certification process to measure a company’s ability to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). CMMC combines cybersecurity standards and maps these best practices and processes to maturity levels, from basic cyber hygiene to advanced/progressive.
All DoD contractors and subcontractors, regardless of their need to access sensitive information, will have their cyber acumen scored on a scale of 1 to 5. The Department of Defense will use the same scale to stipulate in solicitations the CMMC level required.
A CMMC Accreditation Body, a neutral third party that will maintain the standard for DoD, was established to train and verify third-party cybersecurity certifiers who will conduct audits. Additional information regarding the CMMC Accreditation Body is available at https://www.cmmcab.org/.
All contractors and subcontractors, regardless of their need to access sensitive information, must be audited and scored.
Additional information regarding DoD’s CMMC is available at:
Department of Defense CMMC Information