CMMC Assessment Guide
Preveil, Wednesday, June 14,2023
If you contract for the Department of Defense (DoD) you will soon need to achieve compliance with the Cybersecurity Maturity Model Certification (CMMC - the DoD's initiative to improve cybersecurity across the DIB.
Historically, defense contractors handling Federal Contract Information (FCI) or Controlled Unclassified Information (CUI) have been allowed to demonstrate compliance with the DoD's cybersecurity standards by conducting a self-assessment against the NIST 800-171 controls and submitting compliance scores to the Supplier Performance Risk System (SPRS) database. The lack of third party oversight resulted in a discontinuity between reported scores and on-the-ground cybersecurity realities. CMMC and its focus on assessments will close that gap.