Cybersecurity Maturity Model Certification (CMMC)

The Cybersecurity Maturity Model Certification (CMMC) is a framework that was developed by the US Department of Defense (DoD) to ensure that its contractors are adequately protecting sensitive information from cyber threats. The CMMC framework assesses a contractor's information security maturity across five levels, and certification is required for any contractor doing business with the DoD.

The CMMC v2.0, which was released in 2021, expands upon the previous version by providing additional guidance and requirements for each level of the framework. Some of the key changes in the CMMC v2.0 include:

1. Maturity Level 1: Previously, Level 1 only required the implementation of basic cyber hygiene practices, but the updated version now requires the implementation of specific security controls, such as multi-factor authentication.

2. New Domains and Capabilities: The CMMC v2.0 introduces two new domains - Cybersecurity Governance and Cybersecurity Operations - and expands upon the capabilities required for each level of the framework.

3. Transition Period: The CMMC v2.0 provides a transition period for contractors to adjust to the updated requirements, and outlines a timeline for implementing the new framework.

Businesses that are contractors for the DoD will need to meet the updated requirements in order to maintain or obtain certification.