What is CMMC?
Introduced in Q3 2020, the Cybersecurity Maturity Model Certification (CMMC) is the Department of Defense’s (DoD) newly mandated compliance and verification framework. The CMMC framework is designed to adequately protect Controlled Unclassified Information (CUI) and to assess and enhance the security posture of data located on the networks and systems of the Defense Industrial Base (DIB).
All organizations or contractors that have plans to renew current contracts or bid on new contracts will be required to be at one of the 5 maturity compliance levels.
CMMC Maturity Levels
Level 1: | Practices are performed at minimum, in an ad-hoc manner |
---|---|
Level 2: | Practices are documented |
Level 3: | Processes are maintained and followed |
Level 4: | Processes are periodically reviewed, properly resourced, and improved across the organization |
Level 5: | Continuous improvement across the organization |
Am I Already CMMC Certified?
No contractor is CMMC certified until they are audited directly by an accredited and independent third party commercial certification organization, who will then review the contractor’s security processes and practices.
CMMC will require companies to have the certification to match the level required on the contract prior to it being awarded.
If you would like to find out more about our CMMC Auditing services, please fill out the form below and we will contact you with our findings.