The Cybersecurity Maturity Model Certification (CMMC) is a Department of Defense (DoD) framework that outlines required cybersecurity standards for contractors. More than 300,000 companies in the defense industrial base (DIB) supply chain are protecting sensitive defense information assets and are subject to CMMC.

For organizations that work closely with the DoD and have access to Federal Contract Information not intended for public release, this framework is used to help establish and appropriately scale your expected cybersecurity measures to defend sensitive national data.

How It Works

CMMC controls framework maps your organization’s cybersecurity readiness against five progressive levels of maturity. Every level scales to the sensitivity of the data it protects. Unlike previous self-certified cybersecurity standards for contractors, your organization’s compliance with CMMC will be subject to third-party validation when competing for DoD contracts.

CMMC controls framework is accessible in the Risk Cloud Controls Repository. Here, you can establish the DoD’s cybersecurity standards for your organization right within the platform.

Why You Need It

• Ensure your organization has DoD approved cybersecurity standards in place to protect data that will impact national security
• Ensure CMMC compliance to improve your organization’s chance of being considered for DoD contracts
• Limit accessibility of critical national security data to approved individuals and departments