Purpose
CMMC is a DoD certification and compliance program that will apply to DoD contractors.
NIST 800-171
CMMC leverages NIST 800-171's 110 security requirements, which define the safeguarding requirements for controlled unclassified information (CUI) on nonfederal systems.
3 CMMC Levels
CMMC includes 3 levels. Level 1 includes 15 requirements, level 2 includes 110 requirements, and level 3 will include 24 additional requirements from NIST 800-172's enhanced security requirements.
CyberAB
The CyberAB (formerly known as the CMMC Accreditation Body) is responsible for authorizing and accrediting CMMC Third-Party Assessment Organizations (C3PAOs). C3PAOs are 3rd-party assessors who conduct CMMC assessments of companies within the Defense Industrial Base (DIB).
Certification
The majority of CMMC level 2 contracts will require a 3rd-party assessment by a C3PAO. All CMMC level 3 contracts will require a government-conducted assessment. Successful assessments will result in certification.
Compliance
All CMMC level 1 contracts will require self-assessments. Compliance will be achieved after the self-assessment has been completed and the results have been entered into the Supplier Performance Risk System (SPRS) website.
NIST 800-171 r2
Learn about NIST 800-171 and explore its 110 security requirements.
NIST 800-171A
Learn about NIST 800-171A and explore its assessment procedures.
What is the purpose of CMMC?
CMMC is a certification program that provides the DoD with more assurance that the Defense Industrial Base (DIB) is protecting its controlled unclassified information (CUI) in accordance with the security requirements of NIST 800-171.
Why do I need to implement CMMC?
How can I find training on CMMC?
What level of CMMC do I need?
Can I self-assess for CMMC?
Where can I find a list of the CMMC controls?
CMMC Training
Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!