What is CMMC?

The Cybersecurity Maturity Model Certification (CMMC) is the Department of Defense’s (DoD) newest verification mechanism designed to ensure that cybersecurity controls and processes adequately protect Controlled Unclassified Information (CUI) that resides on Defense Industrial Base (DIB) systems and networks.

DoD is migrating to the new CMMC framework in order to assess and enhance the cybersecurity posture of the Defense Industrial Base (DIB) sector. The CMMC is intended to serve as a verification mechanism to ensure that DIB companies implement appropriate cybersecurity practices and processes to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within their unclassified networks.

Unlike NIST SP 800-171, the CMMC model has five levels. The model is cumulative: each level consists of its own practices and processes as well as those specified in the lower levels. The CMMC model also includes cybersecurity practices beyond the security requirements specified in NIST SP 800-171.

In addition to assessing a company’s implementation of cybersecurity practices, the CMMC will also assess the company’s maturity processes. In general, a CMMC certificate will be valid for 3 years.

If you’d like to learn more about CMMC and how Vintage IT Services can help your business meet CMMC compliance, give us a call at 512-481-1117.

This information has been provided by the Office of the Under Secretary of Defense for Acquisition & Sustainment
Cybersecurity Maturity Model Certification