SecHard

5.3. CMMC Compliance

CMMC stands for Cybersecurity Maturity Model Certification. It is a framework developed by the US Department of Defense (DoD) that defines the levels of cybersecurity maturity expected of contractors handling DoD sensitive information.

The goal of CMMC Compliance is to strengthen US national security by protecting DoD sensitive information. To this end, CMMC defines the key security controls that contractors must implement to mitigate cybersecurity risks.

CMMC Compliance is issued by the DoD. The CMMC was published in 2017 and will become mandatory in 2025.

CMMC Compliance is mandatory for contractors doing business with DoD. These contractors must implement the controls necessary to achieve a certain level of CMMC and prove the effectiveness of these controls.

The benefits of CMMC Compliance include:

  • Protecting DoD sensitive information.

  • Reducing contractors' cybersecurity risks.

  • Helping contractors meet their compliance obligations.

To achieve CMMC Compliance, contractors should review the checklist for the relevant level of CMMC and identify the controls that are important to their organization. They must develop action plans for the controls they identify, then implement those controls and evaluate their effectiveness.

CMMC Compliance is an important responsibility for contractors doing business with DoD. Complying with the CMMC will help contractors protect DoD sensitive information and reduce cybersecurity risks.

There are five levels of CMMC Compliance:

  • Level 1: Basic

  • Level 2: Medium

  • Level 3: Advanced

  • Level 4: Competent

  • Level 5: Leader

Each level defines further security controls that contractors must meet.

 
