CMMC is a unified standard for implementing cybersecurity across the defense industrial database (DIB), which includes over 300,000 companies in the supply chain. Released in January 2020, CMMC was the DoD’s response to significant compromises of sensitive defense information located on contractors’ information systems.
Going forward, any defense company that does business with the Department of Defense (DoD) will need to certify through a third-party at one of the CMMC levels established. This requirement applies to not only prime contractors but also their subcontractors and every supplier across the supply chain the prime works with.
The CMMC consists of progressively secure levels of certification built around different domains of cybersecurity and organizational health.