CMMC

Welcome to the second installment of our series on the Cybersecurity Maturity Model Certification (CMMC), a framework required for companies contracting with the US Department of Defense (DoD). In this guide, we’ll break down everything you need to know about CMMC Level 2. For information about other levels of the CMMC, see our guides, levels 1, 3, 4, and 5.

Welcome to the first installment of our series on the Cybersecurity Maturity Model Certification (CMMC), a novel area of cybersecurity shepherded by the US Department of Defense (DoD). In this guide, we’ll break down everything you need to know about CMMC Level 1. For information about later levels of the CMMC, see our upcoming guides to levels 2, 3, 4, and 5.

Cybersecurity Maturity Model Certification (CMMC) is an assessment model designed by the DoD (Department of Defense) to protect sensitive unclassified information. CMMC looks at several security standards used by the military and its defense contractors. Originally passed in 2018, CMMC has been revised several times but its main framework remains the same.

It has been quoted by the Department of Defence (DoD) that cybercrime cost the economy $600 billion in 2016. Amongst the economic costs to the economy, there are also opportunity costs that come in the form of threats to national security. These factors, amongst other things, spawned the creation of the Cybersecurity Maturity Model Certification (CMMC). In this article, we will be exploring the CMMC Level 1 controls.

In 2019 the Department of Defense (DoD)—in conjunction with John Hopkins University Applied Physics Laboratory (APL) and the Carnegie Mellon University Software Engineering Institute (SEI)—began a review of the various cybersecurity standards.

Their mission: to forge the various practices into a single unified cybersecurity standard in order to secure the DoD supply chain.

Its name: the Cybersecurity Maturity Model Certification (CMMC)

Although the novel cybersecurity framework is still in the process of being built out, it’s estimated that a selected group of DoD contractors will undergo audits as soon as the year’s end.

Cybersecurity Maturity Model Certification (CMMC) costs can be expensive. However, if your business has a contract with the Department of Defense (DoD), certification is a must. This applies to Prime and subcontractors of both large and small companies.

Technological theft, espionage, “a threat to national security” – terms that are becoming all too familiar to the Department of Defence (DoD). In recent years with the increasing turbulence of cyberattacks, the DoD has been looking toward a more stringent compliance framework to quell the fires of cyberattacks along the Defence Industry Base (DIB) supply chain.

Enter the Cybersecurity Maturity Model Certification (CMMC).

For contractors that engage with the DoD, the CMMC is the new standard to abide by. In this article, we will discuss the Do’s and Don’ts of CMMC, but first a brief introduction to the model.

Cybersecurity is a crucial concern for every business in the world. No matter the kind or size of organization, it’s always imperative to safeguard against cybercrime to prevent loss of sensitive information and other related risks, such as theft and extortion. The threats posed by hackers and other bad actors are even more significant when it comes to matters of national security.

The United States Department of Defense (DoD) requires the utmost protection for all of its assets and procedures. As the department directly responsible for national security and the wellbeing of all American citizens, threats of cybersecurity targeting DoD are uniquely potent. 

With the Department of Defense (DoD) moving away from self-certification models, industries now have new issues facing them if they choose to continue supplying the Defense Industry Base (DIB). The Cybersecurity Maturity Model Certification (CMMC), is now a requirement for all DoD contractors.