CMMC has become one of the looming issues for defense contractors as Pentagon as looks to fortify, not only its own networks, but those of the defense industrial base. In this op-ed, Johann Dettweiler, director of operations at TalaTek, a risk management firm, offered a frequently asked questions on how business leaders should think about this program.
What is Cybersecurity Maturity Model Certification?
The Cybersecurity Maturity Model Certification (CMMC) is the latest Department of Defense-mandated security framework for those seeking to provide services to the agency. Once fully rolled out, all DoD-contracting organizations must be compliant with CMMC standards and those who are not may find themselves shut out of DoD business.
The first version of the CMMC requirements was released in late January. The gist of the program is that an organization can get certified at one of five levels from level 1: basic cyber hygiene to level 5: advanced/progressive. Each of the five levels has an increasing number of practices and processes that an organization must implement to be considered in compliance with that level.
What are the different levels of CMMC and the approximate…