-
Purpose
CMMC is a DoD certification and compliance program that will apply to DoD contractors.
-
NIST 800-171
CMMC leverages NIST 800-171's 110 security requirements, which define the safeguarding requirements for controlled unclassified information (CUI) on nonfederal systems.
-
3 CMMC Levels
CMMC includes 3 levels. Level 1 includes 15 requirements, level 2 includes 110 requirements, and level 3 includes 24 additional requirements from NIST 800-172's enhanced security requirements.
-
CyberAB
The CyberAB (formerly known as the CMMC Accreditation Body) is responsible for authorizing and accrediting CMMC Third-Party Assessment Organizations (C3PAOs). C3PAOs are 3rd-party assessors who conduct CMMC assessments of companies within the Defense Industrial Base (DIB).
-
Certification
The majority of CMMC level 2 contracts will require a 3rd-party assessment by a C3PAO. All CMMC level 3 contracts will require a government-conducted assessment. Successful assessments will result in certification.
-
Compliance
All CMMC level 1 contracts will require self-assessments. Compliance will be achieved after the self-assessment has been completed and the results have been entered into the Supplier Performance Risk System (SPRS) website.
NIST 800-171 r2
Learn about NIST 800-171 and explore its 110 security requirements.
NIST 800-171A
Learn about NIST 800-171A and explore its assessment procedures.
What is the purpose of CMMC?
CMMC adds an independent assessment and certification program that provides the DoD more assurance that the Defense Industrial Base (DIB) is protecting its controlled unclassified information (CUI) in accordance with the security requirements of NIST 800-171.
Why do I need to comply with CMMC?
How can I find training on CMMC?
What level of CMMC do I need?
Can I self-assess for CMMC?
Where can I find a list of the CMMC controls?
CMMC Training
Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!