The Cybersecurity Maturity Model Certification (CMMC) ensures a unified security standard for all DoD contracts. It requires organizations in the DoD supply chain to rate their maturity level and undergo a CMMC audit by an official CMMC auditor.
DFARS requires an assessment of a government contractor’s implementation of the NIST SP 800-171 security requirements before the contractor can receive a contract.
The assessment involves a standard scoring practice along with three assessment level ratings: Basic, Medium and High.
DFARS and CMMC Rating
The NIST SP 800-171 DoD Assessment Methodology is broken down into the following three ratings:
Basic: A basic rating means that the organization has done an internal assessment of its System Security Plan (SSP) and Plan of Action and Milestones (POAM).
Medium: A medium rating is received when the Department of Defense scores an organization’s SSP and POAM.
High: A high rating is given after an on-site assessment by the DoD.