Executive Brief: Cybersecurity Maturity Model Certification (CMMC)
Beginning in Fall 2020, defense contractors face the very real threat of losing business if they are non-compliant with the newly released Cybersecurity Maturity Model Certification (CMMC) standard. Under the current regulations —DFARS 252.204-7012 — contractors must implement security controls identified in NISTSP 800-171 that safeguard Controlled Unclassified Information (CUI). Contractors can self-attest to compliance after the contract is won, but security gaps may remain unidentified and unmitigated until a government DFARS audit is conducted.