ControlCase

IT Certifications, Continuous Compliance and Cybersecurity Services Provider

What is CMMC Compliance?

What is CMMC?

CMMC stands for Cybersecurity Maturity Model Certification. CMMC is a unifying standard for the implementation of cyber security across the Defense Industrial Base (DIB). The standard was released by the US Department of Defense (DoD) and became effective November 30th, 2020.

CMMC aims to standardize and improve cyber security practices within the Defense Department and Defense Industrial Base (DIB) ecosystem. CMMC ensures that DIB companies implement appropriate cyber security practices and processes to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within their unclassified networks.

What is Controlled Unclassified Information (CUI)?

CUI refers to sensitive information that laws, Federal regulations, or Government-wide policies require or permit executive branch agencies to protect. This includes information the Government creates or possesses, and information an entity creates or possesses for or on behalf of the Government.

Who does CMMC apply to?

CMMC applies to:

  1. Defense Industrial Base (DIB) contractors whose unclassified networks possess, store, or transmit Controlled Unclassified Information (CUI).
  2. Defense Industrial Base (DIB) contractors whose unclassified networks possess Federal Contract Information (FCI).

What is the CMMC Accreditation Body (CMMC-AB)?

CMMC-AB is an independent organization authorized to operationalize CMMC in accordance with the US Department of Defense requirements. CMMC-AB authorizes and accredits CMMC Third Party Assessment Organizations (C3PAOs). CMMC-AB also authorizes and accredits CMMC Assessors and Instructors Certification Organizations (CAICO).

What is a CMMC Third-Party Assessment Organization (C3PAO)?

C3PAOs conduct CMMC assessments and issue CMMC certificates based on the results of the assessments. Accredited C3PAOs must meet all DoD requirements and achieve full compliance with ISO/IEC 17020.

What does CMMC mean for cyber security?

CMMC enforces the Defense Federal Acquisition Regulation Supplement (DFARS) and National Institute of Standards and Technology (NIST) frameworks by requiring every contractor to be audited by an independent third-party auditor or CMMC Third-Party Assessment Organization (C3PAO).

What are the CMMC Maturity Levels?

There are 5 CMMC levels, each with associated controls and processes. The level of the CMMC certificate is dependent upon the type and nature of information flowed down from your prime contractor. The DoD will specify the required CMMC level in Requests for Information (RFIs) and Requests for Proposals (RFPs).

[Figure: CMMC Levels and Practices]

How often is CMMC needed?

A CMMC certificate is valid for 3 years.

What is the CMMC Certification Methodology?

To achieve CMMC, organizations begin by consulting a Registered Provider Organization (RPO) to design, assess and remediate their current cyber security posture. Next, they complete an assessment with an approved CMMC C3PAO. ControlCase is an approved CMMC Registered Provider Organization.

[Figure: CMMC Certification Methodology]

© ControlCase LLC 2022