The Cybersecurity Maturity Model Certification (CMMC) is an assessment framework and assessor certification program designed to increase the trust in measures of compliance to a variety of standards published by the National Institute of Standards and Technology
The CMMC framework and model was developed by Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) of the United States Department of Defense through existing contracts with Carnegie Mellon University, The Johns Hopkins University Applied, Physics Laboratory LLC, and Futures, Inc. The Cybersecurity Maturity Model Certification Accreditation Body oversees the program under a no cost contract.
CMMC, which often requires third party assessment if a contractor handles Controlled Unclassified Information, will impact the $768bn Defense industry – 3.2% of the Gross Domestic Product of the United States of America.
The purpose of CMMC is to verify that the information systems used by the contractors of the United States Department of Defense to process, transmit or store sensitive data is in compliant with the mandatory information security requirements. The goal is to ensure appropriate protection of controlled unclassified information (CUI) and federal contract information (FCI) that is stored and processed by partner or vendor.