
Who Needs to Comply with CMMC?

CMMC is required of any individual in the DoD supply chain, including contractors who interact exclusively with the Department of Defense and all subcontractors.

According to the DoD, the CMMC requirements will affect over 300,000 organizations. Fortunately, most businesses require only a Level 1 to Level 3 certification. The CMMC Accreditation Body (CMMC-AB) establishes a process to qualify private third-party assessment organizations (C3PAOs) and assessors to determine CMMC levels.

The RFP will define the precise level of certification a business needs to be granted a federal contract. 

When is CMMC Compliance Required? 

CMMC is required for companies that are part of the DoD supply chain and handle Controlled Unclassified Information (CUI). The CMMC ensures these entities meet specific cybersecurity standards to protect sensitive information. As of CMMC 2.0, different certification levels are required based on the type of information the organization handles, with some contracts mandating CMMC compliance as a condition for bidding. 
