Cybersecurity Maturity Model Certification

Overview
The Department of Defense (DoD) has announced a new five-tier standard for cybersecurity certification, which it calls the Cybersecurity Maturity Model Certification (CMMC).


 * The CMMC will review and combine various cybersecurity standards and best practices and map these controls and processes across several maturity levels that range from basic cyber hygiene to advanced. For a given CMMC level, the associated controls and processes, when implemented, will reduce risk against a specific set of cyber threats.
 * The CMMC effort builds upon existing regulation (DFARS 252.204-7012) that is based on trust by adding a verification component with respect to cybersecurity requirements.
 * The goal is for CMMC to be cost-effective and affordable for small businesses to implement at the lower CMMC levels.
 * The intent is for certified independent third-party organizations to conduct audits and inform risk.