What is the Cybersecurity Maturity Model Certification (CMMC)?

CMMC stands for “Cybersecurity Maturity Model Certification”.  The CMMC is a formal certification intended to ensure that appropriate levels of cybersecurity controls and processes are in place to protect controlled unclassified information (CUI) residing on DoD contractor networks.  If your business offers products and/or services to the DoD or a DoD contractor, the CMMC will apply to you.

The goal of the Cybersecurity Maturity Model Certification is to protect national security and to protect American businesses.  The CMMC combines various cybersecurity control standards such as NIST SP 800-171, NIST SP 800-53, ISO 27001, ISO 27032, AIA NAS9933 and others into one unified standard for cybersecurity.  The CMMC will also measure the maturity of a company’s cybersecurity practices and processes.

Unlike the NIST 800-171 framework, there is no self-certification for the Cybersecurity Maturity Model Certification.  Instead, a third-party CMMC auditor (Certified Third-Party Assessor Organization - C3PAO) will be required.  Registered Provider Organizations (RPOs), such as Appalachia, have been accredited by CMMC to help prepare organizations for C3PAO auditing.

The CMMC encompasses 5 security levels, with level 5 being the most secure.  The majority of contractors and especially manufacturers will be level 3.  Levels 4 and 5 are reserved for contractors who require very high levels of cybersecurity – think munitions and weapons manufacturers.  Levels 1 and 2 will apply to merchants and services.

 CMMC Maturity Process Progression

Figure 1 CMMC Maturity Process Progression - https://www.acq.osd.mil/cmmc/

 
For more information or to get help now, contact us at (888) 277-8320. 
 
To download the white paper "Deep Dive: NIST SP 800-171r1 and DRAFT NIST SP 800-172 Compared," click HERE.

News & Updates

P R E S S    R E L E A S E Mechanicsburg, PA, April 27, 2021: Today, Appalachia Technologies, a Managed IT and Cybersecurity Provider, announced their approval as a Registered Provider Organization (RPO) by the Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB).  CMMC is a unifying standard for the implementation of cybersecurity across the Defense Industrial Base (DIB).

Contact Us

Learn more about what Appalachia Technologies can do for your business.

Appalachia Technologies
5012 Lenker Street
Mechanicsburg, Pennsylvania 17050