CMMC 2.1

Learn about the Cybersecurity Maturity Model Certification (CMMC) 2.1 and explore its requirements.

  • Purpose

    CMMC is a DoD certification and compliance program that will apply to DoD contractors.

  • NIST 800-171

    CMMC leverages NIST 800-171's 110 security requirements which define the safeguarding requirements for controlled unclassified information (CUI) on nonfederal systems.

  • 3 CMMC Levels

    CMMC includes 3 levels. Level 1 includes 15 requirements, level 2 includes 110 requirements, and level 3 will include 24 additional requirements from NIST 800-172's enhanced security requirements.

  • CyberAB

    The CyberAB (formerly known as the CMMC Accreditation Body) is responsible for authorizing and accrediting CMMC Third-Party Assessment Organizations (C3PAOs). C3PAOs are 3rd-party assessors who conduct CMMC assessments of companies within the Defense Industrial Base (DIB).

  • Certification

    The majority of CMMC level 2 contracts will require a 3rd-party assessment by a C3PAO. All CMMC level 3 contracts will require a government conducted assessment. Successful assessments will result in certification.

  • Compliance

    All CMMC level 1 contracts will require self-assessments. Compliance will be achieved after the self-assessment has been completed and the results have been entered into the Supplier Performance Risk System (SPRS) website.

NIST 800-171 / CMMC Training
Available Now!

NIST 800-171 r2

Learn about NIST 800-171 and explore its 110 security requirements.

NIST 800-171A

Learn about NIST 800-171A and explore its assessment procedures.

CMMC is a certification program that provides the DoD more assurance that the Defense Industrial Base (DIB) is protecting its controlled unclassified information (CUI) in accordance with the security requirements of NIST 800-171.

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!