Risk Management Framework

CMMC

The Cybersecurity Maturity Model Certification (CMMC) is a regulation framework for DoD contractors. The CMMC program evolved as a more robust response to ineffective cybersecurity measures set out in the Defense Federal Acquisition Regulation Supplement (DFARS).

Framework Summary

CMMC requires that government contractors protect their Controlled Unclassified Data (CUI) by implementing the NIST 800-171 controls and having them verified by a Certified Third-Party Assessment Organization (C3PAO).

The CMMC framework is outlined by five different distinct levels. Each level has varying degrees of cybersecurity implementation requirements and processes.

Level 1 - Foundational - Annual Self-Assessment

Level 2 - Advanced - Triannual third-party assessment for 3rd Party Controls

Level 3 - Expert - Triannual government-led assessments

More about CMMC Services

By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Preferences Deny Accept

Risk Management Framework

CMMC

Framework Summary

Free Discovery Session

Services

Resources

Company