What is CMMC?
The Cybersecurity Maturity Model Certification (CMMC) — is the newest verification standard from the DoD used to gauge and verify the extent of contractors’ and subcontractors’ cybersecurity infrastructure to adequately protect Controlled Unclassified Information (CUI) as well as Federal Contract Information (FCI). It combines, enforces and builds upon past regulations to create an updated framework for organizing cybersecurity practices and procedures across industries with the aim of creating consistent, repeatable instances of high-quality cybersecurity capabilities and practices.
Who Does CMMC Apply To?
All companies and contractors engaged or bidding on DoD contracts will be required to be CMMC compliant and certified in the near future regardless if they are first time bidders on DoD contracts or well established vendors with existing DoD contracts. The CMMC level required depends on the type of CUI and FCI your company is accessing, how involved you are in DoD operations, and current contractual obligations like NIST 800 171.