DoD cybersecurity requirements provide proof that a contractor has the highest level of security protocols in place to protect sensitive information.
CMMC requirements include cybersecurity best practices as well as maturation measurement. Any company working with the DoD must show that it has implemented the best security practices for the level at which it is seeking approval.
CMMC Levels and Requirements
CMMC requirements are specified in FAR clause 52.204-21, entitled “Basic Safeguarding of Covered Contractor Information Systems”, as well as in NIST SP 800-171 per DFARS clause 252.204-7012.
Level 1: Must meet the 15 basic safeguarding requirements from FAR clause 52.204-21.
Level 2: Must meet 65 requirements from NIST SP 800-171 implemented by DFARS clause 252.204-7012. Must also meet 7 specific CMMC practices and 2 CMMC processes.
Level 3: Must meet all 110 requirements from NIST SP 800-171, 20 CMMC practices, and 3 CMMC processes.
Level 4: Must meet all 110 requirements from NIST SP 800-171, 46 CMMC practices, and 4 CMMC processes.
Level 5: Must meet all 110 requirements from NIST SP 800-171, 61 CMMC practices, and 5 CMMC processes.