Cybersecurity Maturity Model Certification
Assessment framework and assessor certification program / From Wikipedia, the free encyclopedia
Dear Wikiwand AI, let's keep it short by simply answering these key questions:
Can you list the top facts and stats about Cybersecurity Maturity Model Certification?
Summarize this article for a 10 year old
The Cybersecurity Maturity Model Certification (CMMC) is an assessment framework and assessor certification program designed to increase the trust in measures of compliance to a variety of standards published by the National Institute of Standards and Technology.[1]
The CMMC framework and model was developed by Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) of the United States Department of Defense through existing contracts with Carnegie Mellon University, The Johns Hopkins University, Applied Physics Laboratory LLC, and Futures, Inc.[2] The Cybersecurity Maturity Model Certification Accreditation Body oversees the program under a no cost contract. The program is currently overseen by the DOD CIO office.[3]
CMMC, which often requires third party assessment if a contractor handles Controlled Unclassified Information, will impact the $768bn Defense industry – 3.2% of the Gross Domestic Product of the United States of America. [4]
The purpose of the CMMC is to verify that the information systems used by the contractors of the United States Department of Defense to process, transmit or store sensitive data are compliant with the mandatory information security requirements.[5] The goal is to ensure appropriate protection of controlled unclassified information (CUI)[6] and federal contract information (FCI) that is stored and processed by partner or vendor.