
Volume 337, Issue 4 · IT News · Security Boulevard

Understanding Cybersecurity Maturity Model Certification: The New Standard For Doing Business With The Department Of Defense

Security Boulevard, Monday, April 20th, 2026

CMMC is a mandatory DoD certification standard replacing self-attestation with formal audits for defense contractors handling sensitive information.

The Department of Defense created the Cybersecurity Maturity Model Certification (CMMC) to address inconsistent security practices across the defense supply chain.

CMMC 2.0 establishes three compliance levels: Level 1 for basic safeguards, Level 2 requiring 110 NIST controls for contractors handling Controlled Unclassified Information, and Level 3 for the most sensitive programs.

Organizations must use FIPS-validated encryption, work with Certified Third-Party Assessors for verification, and submit results to the DoD's eMASS system for three-year certification. With requirements already appearing in contracts and full enforcement expected by 2028, defense contractors must begin implementation immediately, as compliance can take 12-18 months.
