Cyber Maturity Model Certification (CMMC)
What Is Cyber Maturity Model Certification (CMMC)?
The Cyber Maturity Model Certification (CMMC) is a certification program developed by the U.S. Department of Defense (DoD) to ensure that contractors and subcontractors who handle sensitive information have the necessary security controls in place. The CMMC is a five-level certification program that assesses the maturity of an organization’s cybersecurity practices. The five levels are Basic Cyber Hygiene, Intermediate Cyber Hygiene, Good Cyber Hygiene, Proactive, and Advanced/Progressive. Each level requires organizations to meet certain security requirements, such as implementing access control, incident response, and system security plans. Organizations must be certified at the appropriate level in order to be eligible for DoD contracts.
Description
The Cyber Maturity Model Certification (CMMC) is a certification program developed by the U.S. Department of Defense (DoD) to ensure that contractors and subcontractors who handle sensitive information have the necessary security controls in place.
Usage and Examples
Organizations that wish to do business with the DoD must be certified at the appropriate CMMC level. For example, a contractor that handles sensitive information must be certified at the Proactive level, while a subcontractor that handles less sensitive information may only need to be certified at the Basic Cyber Hygiene level. Organizations must demonstrate that they have the necessary security controls in place in order to be certified. This includes implementing access control, incident response, and system security plans.