Cybersecurity Maturity Model Certification (CMMC) is a new maturity model for organizations doing business with the Department of Defense (DoD), and builds on the NIST 800-171 control framework. It applies to organizations that store, process, and/or transmit either Federal Contract Information (FCI) or Controlled Unclassified Information (CUI).
The CMMC is intended to serve as a verification mechanism to ensure appropriate levels of cybersecurity practices and processes are in place to ensure basic cyber hygiene as well as protect FCI or CUI.
CMMC Maturity Process ProgressionOrganized in five levels, from "Performed" to "Optimizing," below is a summary of each level relative to a security program's processes. For the purposes of this model, activity plans may include mission, goals, project plan, resourcing, training needed, and involvement of relevant stakeholders.
CMMC Practice ProgressionOrganized in five levels from "Basic Cyber Hygiene" to "Advanced/Progressive," below is the maturity progression for an organization's cyber security practices. In contrast to CMMC Maturity Process Progression, this scale measures compliance with specific frameworks or regulations determined for each level.
Establish a path to maturity that meets your needs with our proven methodology.