The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) has outlined a standardized set of cyber-security standards for all contractors wishing to do business with the DoD. The resulting set of standards is called the Cyber-Security Maturity Model Certification (CMMC). Each company must have a third-party assessment to reach each of the levels, based on the domains outlined below.

Levels

There are 5 total levels in the CMMC, each building on and including the ones before it.

Domains

There are 17 domains throughout the 5 levels defined above. They are outlined briefly below:

Questions and Answers

Q: What is the CMMC?

A: CMMC stands for Cyber-security Maturity Model Certification. It is a certification created by the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) with the goal of assessing contracting companies' actual cyber-security hygiene based on practices and policy.

Q: What level should I be at?

A: Contracts will be released with a CMMC level requirement, but many sources state that level one will be sufficient for most contracts. However, if your work with the government typically involves either the creation or acceptance of CUI-marked data, then your company should aspire to level 3 or higher.

Q: How do I get certified?

A: This is still in process. The OUSD(A&S) suggests that companies regularly check with The CMMC for updates. JLGOV will update this page when any updates are released.

Q: How much will certification cost?

A: As of now, the price will be set by the third-party assessor company used to complete the CMMC assessment.

Sources:

The CMMC