Skip to content
Home / Function (NIST CSF 2.0) / PR - Protect / DS - Data Security

US Cybersecurity Maturity Model Certification (CMMC) 2.0

This document focuses on:

CMMC 2.0 is a Department of Defense (DoD) framework designed to unify cybersecurity standards across the Defense Industrial Base (DIB) to protect sensitive unclassified information. It streamlines the previous version into three levels—Foundational (Level 1), Advanced (Level 2), and Expert (Level 3)—which align directly with established NIST standards, specifically NIST SP 800-171 and NIST SP 800-172. From a cybersecurity perspective, the framework focuses on the protection of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) through rigorous controls in Access Control, Incident Response, and System and Communications Protection. The regulation is notable for its shift toward a hybrid assessment model, where contractors may self-attest at Level 1, but must undergo Third-Party Assessments (C3PAO) or government-led audits for higher levels to verify their technical and administrative security posture.


Publication's URL

https://www.federalregister.gov/documents/2024/10/15/2024-22905/cybersecurity-maturity-model-certification-cmmc-program

Additional documents on this topic



How would you rate this document ?

Click on a star to rate it!

What do you think of this document?

Your email address will not be published. Required fields are marked *