What is CMMC Compliance?
The Cybersecurity Maturity Model Certification (CMMC) compliance framework is a set of standards that organizations must adopt if they want to participate in supply chain contracts with the United States Department of Defense (DoD).
The specifications set forth in the CMMC come from the National Institute of Standards and Technology’s (NIST) Special Publication 800-171 Revision 2 and are meant to limit security risks in the government sector.
CMMC includes authentication requirements for security controls that an organization must implement to protect information systems and Controlled Unclassified Information (CUI). It also includes other risk management and cybersecurity practices, such as incident response and continuous monitoring. In addition, CMMC specifies the requirements that determine whether an organization can self-attest to CMMC or requires a third-party assessment by a CMMC-qualified security assessor.