The rise in digital technologies utilized by defense contractors to increase efficiency has let to tremendous growth. However, it has also come with its threats. The United States’ Department of Defense (DoD) supply chain is vital to both national security as well as individuals’ protection in the armed forces. Regardless of where contractors stand in the defense industrial base (DIB), security is critical to protecting intellectual property.This is where the Cybersecurity Maturity Model Certification (CMMC) comes in. CMMC is a program initiated by the DoD in order to measure defense contractors’ capabilities, preparedness, and sophistication in cybersecurity. CMMC is somewhat a collection of existing frameworks and standards such as NIST, FAR, and DFARS. The development of CMMC came after the recognition that there needed to be more structure than that of the self-certification compliance with NIST SP 800-171.Processes are assessed for maturity levels corresponding to the certification level. The domains are made up of Practices (organized by capabilities) and they encompass the Processes. Certification to a level requires mastering the Domains in that level, which includes their Practices and Processes.
Blog courtesy of Kyber Security, a managed security service provider in Fairfield, Connecticut. Read more Kyber Security blogs here.
Who is CMMC For?
CMMC applies to both “prime” contractors who engage directly with the DoD, as well as subcontractors who work with the primes to execute their contracts. Not all contractors will require the same level of certification in order to obtain a contract with the DoD, but it’s important that contractors meet their level of certification in order to keep their contracts.Why Does CMMC Matter?
The rise in cybercrimes has taken a tremendous toll on industries around the world, draining hundreds of billions of dollars annually from the global GDP. With the DoD relying on its network of contractors to host critical data, it’s crucial those organizations have the necessary cybersecurity capabilities to combat threats and mitigate risk. CMMC is going to be an important part of DoD contractors adopting cybersecurity best practices to safeguard that data. Additionally, it’s equally as important for contractors to meet their level of certification in order to retain their contracts. DoD contractors who fail to meet their required level of compliance risk losing their contracts.CMMC Framework
CMMC has a lot of interconnected moving parts, but here’s a summary of the key measures to know:- Domains: 17
- Capabilities: 43 (these are collections of practices)
- Practices: 171
- Processes: Maturity Levels 1-5
- Certification levels: 5




