Cyber Security Maturity Model Certification

Cybersecurity Maturity Model Certification Brief

By Amy Williams, PhD, CISSP, CMMC-RP – Director of Proactive Services


The Cyber Security Maturity Model Certification (CMMC) is a new cyber security requirement for DoD contractors and subcontractors, designed specifically to protect the handling of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).

The CMMC requirement differs from NIST 800-171 in numerous ways. CMMC's five levels of maturity include two levels that are far less burdensome than NIST 800-171. These will provide some relief to roughly half of the 300,000 businesses, which currently work in some capacity as subcontractors on non-sensitive products and services or as suppliers of such things as meals and lawn services.

The DoD has made it clear that all contractors and subcontractors at every level of the defense supply chain will need to be certified at a minimum of Level 1 in order to be eligible to receive DoD-funded contracts and agreements.

The framework specifies five different levels of cyber security maturity that contractors may achieve.
