Cybersecurity Maturity Model Certification (CMMC)


The Cybersecurity Maturity Model Certification (CMMC) is a new cybersecurity requirement for DoD contractors and subcontractors designed to specifically protect the handling of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). 

The CMMC requirement is different from NIST 800-171 in numerous ways. CMMC’s five levels of maturity include two levels that are far less burdensome than NIST 800-171, which will provide some relief to the roughly half of the 300,000 businesses currently working in some capacity as subcontractors on non-sensitive products and services or as suppliers of such things as meals and lawn services.

The DoD has made it clear that all contractors and subcontractors at every level of the defense supply chain will need to be certified at a minimum of Level 1 in order to be eligible to receive DoD-funded contracts and agreements. 

The framework specifies five different levels of cybersecurity maturity that contractors may achieve.

Email us at

 By completing this form you agree to receive communications from BlueVoyant.

CMMG Thumbnail v2a

Discover the BlueVoyant Difference

Get A Demo