Cybersecurity Maturity Model Certification (CMMC) will become law in 2023. Is a requirement for all organizations within the supply chain to the United States Department of Defense (DoD). When in effect, DoD Contractors will be required to meet a specific CMMC level to submit proposals for new DoD contracts.
CMMC ensures that an organization has achieved the minimum threshold of cybersecurity necessary to be entrusted with the types of information they receive or handle.
It is similar the NIST 800-171 but is performed by a certified external company. The NIST 800-171 standard is a federally mandated requirement for non-federal businesses conducting business with the federal government. It is required if you deal with Controlled Unclassified Information (CUI) or perform services on systems that provide CUI.
Click Image to Enlarge
Click Image to Enlarge
There are three levels of CMMC 2.0:
Levels are based on the types of information businesses handle.
Total Cyber’s NIST 800-171 solution prepares businesses for self-certification and verification.