CMMC Compliance: What You Need to Know
With controlled unclassified information (CUI) facing enormous risk, the Department of Defense (DoD) recently introduced a new security framework to help ensure vendors follow appropriate cybersecurity protections and processes: the Cybersecurity Maturity Model Certification (CMMC).
This is the latest security framework mandated by the DoD for any contractor that sells into the Defense Department. It verifies that suitable cybersecurity systems and processes are set up to support fundamental cyber hygiene practices.
Before the CMMC, the Defense Federal Acquisition Regulation Supplement (DFARS), which was implemented in 2015, made Department of Defense contractors responsible for monitoring and certifying the security of their information systems and the integrity of any DoD data they generate, transmit, or store.
Why is CMMC Important?
CMMC is designed to maintain the security of controlled unclassified information (CUI) stored on networks of DoD contractors. By 2025, all DoD suppliers will need to achieve at least Level 1 CMMC compliance to continue doing business with the department.
Under this new model, defense contractors are still responsible for implementing their own cybersecurity measures, but the systems and processes they put in place are now also subject to audits by third-party assessors to ensure compliance. With this in mind, it is time to get ready.