Cybersecurity Maturity Model Certification (CMMC) is an assessment model designed by the DoD (Department of Defense) to protect sensitive unclassified information. CMMC looks at several security standards used by the military and its defense contractors. Originally passed in 2018, CMMC has been revised several times but its main framework remains the same.
In 2020, DoD (Department of Defense) contractors will be required to have adequate cybersecurity protocols in place. This is in response to several security breaches that have occurred in recent years. One of the most notable was the October 4th, 2018 breach that affected over 30,00 civilian and military contractors.
The new Cybersecurity Maturity Model Certification (CMMC) is meant to simplify the process of compliance for all companies who work with Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) along the Department of Defense (DoD) supply chain. An explanation of what is considered CUI is in the Organization Index Grouping of Defense that can be found here. Draft v0.7 has been released, and the final draft, v1.0, is slated for release in January 2020. It is recommended that companies review v0.7 to begin to prepare for compliance dependent on the level of DoD CMMC certification that will be required for them to be able to bid projects.