What You Need To Know
The Cybersecurity Maturity Model Certification (CMMC) is the standard response from the Department of Defense regarding notable compromises within contractors' information systems. It is used for implementing cybersecurity throughout the defense industrial base (DIB), which consists of over 300,000 organizations.
Version 1.0 was published January 31, 2020
Who Requires It?
All Department of Defense contractors require a CMMC certification, including all suppliers in the supply chain, SMBs, commercial contractors, and foreign suppliers.
Contractors are responsible for implementing, monitoring, and certifying proper security is in place for protecting their data systems and any important DoD information. However, an independent 3rd party is also required to assess the contractors' compliance.
Five (5) certification levels are required to confirm proper security:
1. Fundamental Cyber Hygeine - using antivirus applications, employee password update protocols
2. Intermediate Security - protection of Controlled Unclassified Information (CUI) using portions of the S Department of Commerce National Institute of Standards and Technology's (NIST’s) Special Publication 800-171 Revision 2 (NIST 800-171 r2) security requirements.
3. Utilizing all NIST 800-171 r2 Security Requirements in an organization-wide cyber protection plan
4. A review board is in place to evaluate instilled practices, techniques and procedures
5. Set a standard process to detects and respond.
Palo Alto Networks, Inc., operates a multinational cybersecurity company that provides advanced firewalls and cloud-services.
AppViewX is the Next-Gen Machine Identity Management, Automation and Orchestration platform for Enterprise IT.
Aqua protects applications from development to production, across VMs, containers, and serverless workloads,
up and down the stack.
BrandShield prevents, detects and fights online scams: phishing attacks, fraud, executive impersonations and more.
Deceptive Bytes provides an Active Endpoint Deception platform that dynamically responds to attacks as they evolve and changes their outcome.
Their highly-skilled practitioners are trained to meet clients where they are – whether that be in the midst of a crisis or proactively seeking cybersecurity services.
Infoblox delivers essential technology to enable customers to manage, control and optimize DNS, DHCP, IPAM (DDI).
Infocyte is a globally trusted leader in proactive threat detection, Microsoft 365 security compliance, and incident response.
Kenna Security saves you time and money, and helps your Security and IT teams work more efficiently.
Lacework delivers security and compliance for the cloud.
A global leader in cybersecurity that helps make the world safe for exchanging digital information.
BeyondTrust is a global leader in Privileged Access Management (PAM), empowering companies to protect and manage their entire universe of privileges
CyberArk leads the market in securing enterprises against cyber attacks that take cover behind insider privileges and attack critical enterprise assets