Product CMMC Pricing Request Demo Sign in

What is CMMC?

The Cybersecurity Maturity Model Certification

CMMC is the next stage in the Department of Defense's (DoD) efforts to properly secure the Defense Industrial Base (DIB). The current requirements are for a self-assessment based on NIST 800-171. The CMMC requirements demand an evaluation by an outside examiner and will provide accreditation at one of five available levels. The standards remain in the final stages of development and are summarized below. Check back here for updates as the new system evolves.

2019/20 Requirements

1. Plan of Action and Milestones (POA&M)
2. System Security Plan (SSP)

2020 and Beyond* Requirements

1. Level 1-5 Certification of technical controls and documentation
2. Higher level = Better and Broader Controls
3. Higher level = Increased Contract Opportunity

* Date of implementation expected September, 2020.

CMMC Basics

CMMC Timeline

Maturity Model Implementation

CMMC Maturity Levels

While the standards have not yet been officially set, the draft version is available, and the final version will likely follow the NIST 800-171. Level 1 is based on the oldest standard from FARS. The current standard, NIST 800-171a covers organizations through Level 3. RFP’s that require increased maturity will add additional controls from NIST 800-171b.​

After the Certification...

Real-time, "holistic" scoring of a contractor’s cybersecurity compliance. In addition to the ongoing CMMC certification process, DoD contractors will also receive real-time, remote scoring of their cybersecurity measures during contract performance, similar to a person’s credit rating. A CMMC certification "gets the contractor in the door", but DoD is also concerned with a contractor’s ability to maintain CMMC security standards during contract performance. DoD views real-time monitoring as a tool to assist certified contractors in fixing system vulnerabilities.

update
Certifications will expire, but it is not yet clear whether they will be annual or biannual.

More Reading

Official DoD FAQ

Browse FAQ
6/17/2019

"Why DoD’s decision to make cybersecurity an 'allowable cost' matters"

Includes a great podcast
Read Article

CMMC listening events schedule

calendar_todayView Schedule
6/20/2019

"The cost to comply with DoD’s new cybersecurity requirements to be reimbursable on cost contracts"

Read Article
8/30/2019

CMMC Overview Briefing - Download

Download PDF
8/30/2019

Draft CMMC Model - Version 0.4

Download PDF

FutureFeed is Future-Proof

With the ability to evolve baked in from the ground up, FutureFeed is repositioned for CMMC - whatever it may be, and whenever the final standard is ready.





FutureFeed © 2019