The purpose of the CMMC framework is to assess and enhance the cybersecurity posture of the Defense Industrial Base (DIB). The CMMC is intended to serve as a verification mechanism that confirms appropriate levels of cybersecurity practices and processes are in place, both to ensure basic cyber hygiene and to protect controlled unclassified information (CUI) that resides on the Department’s industry partners’ networks. The intent is to incorporate CMMC into the Defense Federal Acquisition Regulation Supplement (DFARS) and use it as a requirement for contract award.
The CMMC combines various cybersecurity standards and best practices and maps these controls across several maturity levels that range from basic cyber hygiene to advanced. The first step towards certification is to have a third-party Readiness Review completed to identify gaps that would prevent an organization from meeting the minimum requirements.