Product CMMC Pricing Request Demo
Sign in

What is CMMC?

The Cybersecurity Maturity Model Certification

CMMC is the next stage in the Department of Defense's (DoD) efforts to properly secure the Defense Industrial Base (DIB). The current requirements are for a self-assessment based on NIST 800-171. The CMMC requirements demand an evaluation by an outside examiner and will provide accreditation at one of five available levels. The standards remain in the final stages of development and are summarized below. Check back here for updates as the new system evolves.

2019/20 Requirements

1. Plan of Action and Milestones (POA&M)
2. System Security Plan (SSP)

2020 and Beyond* Requirements

1. Level 1-5 Certification of technical controls and documentation
2. Higher level = Better and Broader Controls
3. Higher level = Increased Contract Opportunity

* Date of implementation expected September, 2020.

CMMC Basics

CMMC Timeline

Maturity Model Implementation

CMMC Maturity Levels

While the standards have not yet been officially set, the draft version is available, and the final version will likely follow the NIST 800-171. Level 1 is based on the oldest standard from FARS. The current standard, NIST 800-171 covers organizations through Level 3. RFP’s that require increased maturity will add additional controls from NIST 800-171b.​

After the Certification...

Real-time, "holistic" scoring of a contractor’s cybersecurity compliance. In addition to the ongoing CMMC certification process, DoD contractors will also receive real-time, remote scoring of their cybersecurity measures during contract performance, similar to a person’s credit rating. A CMMC certification "gets the contractor in the door", but DoD is also concerned with a contractor’s ability to maintain CMMC security standards during contract performance. DoD views real-time monitoring as a tool to assist certified contractors in fixing system vulnerabilities.

Certifications will expire, but it is not yet clear whether they will be annual or biannual.

FutureFeed is Future-Proof

With the ability to evolve baked in from the ground up, FutureFeed is positioned to evolve for CMMC - whatever it may be, and whenever the final standard is ready.

© 2019 - 2021 Continuous Compliance, LLC d/b/a FutureFeed.
The appearance of U.S. Department of Defense (DoD) visual information does not imply or constitute DoD endorsement.