CMMC
Learn about the Cybersecurity Maturity Model Certification (CMMC), a unified standard for implementing cybersecurity across the defense industrial base (DIB).
Key Features
Why developers choose CMMC.
Applicability
Mandatory for contractors in the Department of Defense (DoD) supply chain.
Status
Becoming mandatory for DoD contracts.
Core Requirement
Third-party certification against NIST 800-171 controls to protect Controlled Unclassified Information (CUI).
Output
A CMMC certification at one of three levels, awarded by a CMMC Third-Party Assessment Organization (C3PAO).
Perception
A necessary certification for any organization that wants to do business with the DoD.
Implementation & Strategy
Costs, timelines, and strategic considerations for adopting CMMC.
Estimated Project Costs
CMMC certification costs vary widely with the size and complexity of the organization. A small organization might spend between $50,000 and $100,000, while a mid-sized organization could spend between $100,000 and $250,000. For large, enterprise-level organizations, costs can exceed $250,000.
Implementation Strategy
A typical CMMC implementation starts with a scoping exercise to identify all the systems that are in scope for CMMC. From there, the organization can perform a gap analysis to identify any areas of non-compliance. The final step is to undergo a formal audit by a C3PAO.