Cybersecurity Maturity Model Certification (CMMC)

Cybersecurity Maturity Model Certification (CMMC) is a program that the Department of Defense (DoD) uses to certify the cybersecurity status of businesses operating as suppliers and contractors within the Defense Industrial Base (DIB). CMMC has three levels and provides certification via self-assessment at the lowest level or via external inspection and audit at the two higher levels.

CMMC compliance aims to secure the DIB from cyberattacks by adversaries of the USA who are looking to access confidential defense project information to advance their own defense projects, or to get access to personal information about contractor organization staff for further cyberattack planning or other nefarious purposes.

To achieve CMMC Level 2 certification, CMMC 2.0 requires the 110 controls outlined in NIST SP 800-171 to be in place. For DoD contracts that need CMMC 2.0 Level 3 certification, the additional 35 enhanced security controls outlined in NIST SP 800-172 also need to be in place.
