What is CMMC?

CMMC stands for Cybersecurity Maturity Model Certification.

It was created by the United States Department of Defense to normalize and standardize cybersecurity protocols for the DOD and all of its subcontractors.

In creating the CMMC, the DOD acknowledged that not all service providers have the bandwidth to establish security programs on the same level. Recognizing that service providers' security depends on various types of unclassified information, the CMMC was created as a tiered model. Varying from Tier 1 (Standard Cyber Hygiene) to Tier 5 (Progressive/Advanced), these levels allow vendors the ability to meet the necessary security requirements for the contracts on which they are bidding.

CMMC 2.0 will include a streamlined approach to compliance and reduce the CMMC levels from five to three. 

See also: What is CMMC Compliance?

Return to Cybersecurity Frameworks and Standards Glossary