How CMMC-compliant Content Communications Can Grow Your DoD Business
Video
Navigating the Cybersecurity Maturity Model Certification (CMMC): Ensuring Compliance in the Defense Supply Chain
The Cybersecurity Maturity Model Certification (CMMC) is a streamlined and centralized cybersecurity framework created by the U.S. Department of Defense to support contractors in defense supply chain compliance and security efforts.
Based on the types of data they manage—which is determined in part by the agency they work with—defense contractors have to have certain kinds of IT security and privacy controls in place, and if relevant, certain clearance levels. However, some types of data don’t require special security clearance but still serve an essential purpose for the DoD and associated agencies.
Federal Contract Information (FCI): This information is created as part of the working relationship between contract vendors and defense industries. While it isn’t protected by security clearance, it is still considered an important part of defense operations.
Controlled Unclassified Information (CUI): Defense agencies use or create this information as part of their operations. While it also isn’t classified, it is a critical part of defense operations (more so than FCI) and is deemed subject to cybersecurity control.
The CMMC 2.0 model is currently just a publication and undergoing review and rulemaking processes. It is expected to finish that process in 9 to 24 months. In the meantime, the CMMC-AB still honors and operates under version 1.0 audits and certifications.