Cybersecurity Maturity Model Certification (CMMC)
The Defense Industrial Base (DIB) is the target of more frequent and complex cyberattacks. To protect American ingenuity and national security information, the DoD developed the Cybersecurity Maturity Model Certification (CMMC) 2.0 program to reinforce the importance of DIB cybersecurity for safeguarding the information that supports and enables our warfighters.
Is Complying with CMMC Mandatory?
Compliance with the CMMC is mandatory and will be enforced through the FARS and DFARS contracting clauses. Requirements are based on the nIST SP 800-171 and NIST SP 800-172. There are 3 levels of compliance and everyone must meet Level 1 to have a contract with the Government.
What are the penalties for not complying with CMMC?
A contracting company failing to meet CMMC will be found in breach and risk losing the ability to hold governement contracts in the future.