Use this Department of Defense template to determine your compliance with NIST SP 800-171 requirements.
CMMC is the easy acronym for Cybersecurity Maturity Model Certification, the DOD’s verification mechanism designed to protect Controlled Unclassified Information (CUI) residing on the Defense Industrial Base (DIB) networks. CMMC encompasses multiple maturity levels ranging from “Basic Cyber Hygiene” to “Advanced / Progressive Cyber Hygiene.” Each level is designed to safeguard the federal government’s assets and information from cyber-attacks through direct or indirect DoD suppliers.
Sign up below to get immediate access to the eBook v1. We are working on an updated v2 due out April 2020.
Each CMMC domain has nine standard Processes that detail the maturity of institutionalization for the practices.
Each CMMC practice is aligned to a Capability, which in turn are aligned to a Domain.
In total, across all five (5) CMMC levels, there are eighteen (18) Domains, eighty-five (85) Capabilities, and three hundred and seventy (370) Practices.
Neil McDonnell wrote this eBook to help small business leadership quickly and easily understand the DoD's CMMC requirements. In CMMC Made Easy, he has created easy-to-understand and natural groupings of the official lists to make the information easier to follow.
"It's just a process."
Every business selling to the Department of Defense (DoD) or any of the services must have a Cybersecurity Maturity Model Certification (CMMC) Level 1 or higher.
All federal prime-contractors, subcontractors and suppliers will need to meet this requirement. Without the required certification, you will not be able to sell to the federal government.
DoD expects to include requirements related to CMMC in Requests for Information (RFIs) or Source Sought notices by the summer of 2020. By the Fall of 2020, DoD expects to include specific language in all Requests for Proposals (RFPs).
Where DoD goes, others will follow. We expect other agencies that do not already have something like CMMC, to adopt CMMC into their acquisition requirements. It is not unrealistic for federal contractors and suppliers to see CMMC as a requirement across any agency by 2021.