CMMC is a cybersecurity framework and certification process designed to ensure that contractors in the defense industrial base meet specific cybersecurity maturity levels. The CMMC security requirements are based upon the NIST SP 800-53 and corresponding risk designation. Three levels exist, based on the information types processed by the organization, and the relationship with the federal government.   

 

Applicability: 

  • Focuses on certifying companies rather than specific products.
  • Company-level certification ensures cybersecurity practices.
  • Aligns with NIST SP 800-171 and other cybersecurity standards.

URL: CMMC