Cybersecurity Maturity Model Certification (CMMC)

The Cybersecurity Maturity Model Certification (CMMC) is a U.S. Department of Defense (DoD) initiative designed to protect sensitive information shared with contractors and subcontractors throughout the defense supply chain. With CMMC, the DoD ensures that organizations handling Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) meet strict cybersecurity standards.

Understanding CMMC 2.0 Certification

  • In November 2021, the DoD introduced CMMC 2.0, enhancing the existing framework for cybersecurity compliance. By 2025, contractors will need to demonstrate their compliance with these cybersecurity standards and obtain the appropriate certification level to be eligible for defense contracts.
  • CMMC 2.0 safeguards both FCI and CUI while aligning with the DoD’s broader information security objectives. It is based on guidelines from the National Institute of Standards and Technology (NIST) Special Publications (SP) 800-171 and 800-172, focusing on advanced protection measures for sensitive data.
The Structure of CMMC 2.0

The updated program divides compliance into three levels:

  • Level 1 (Foundational): Aimed at protecting FCI, this level consists of 17 practices derived from the Federal Acquisition Regulation (FAR) clause 52.204-21.
  • Level 2 (Advanced): Extends Level 1 practices by incorporating 110 practices from NIST SP 800-171, designed to secure CUI, including both prioritized and non-prioritized data.
  • Level 3 (Expert): Builds on Level 2 practices with additional measures from NIST SP 800-172 to guard against advanced persistent threats (APTs).

Governance and Oversight

The CMMC program operates under the Defense Federal Acquisition Regulation Supplement (DFARS) and is managed by the Office of the Under Secretary of Defense for Acquisition and Sustainment. The certification process is overseen by an independent entity, Cyber AB, which collaborates with the DoD to implement and maintain the CMMC standards across the defense industry.
