4
oneneck.com
What is the CMMC and why do I
need it?
The Cybersecurity Maturity Model Certification (CMMC) is a unifying
standard that was designed by the United States Department of Defense
(DOD) to gauge contractor and subcontractor compliance with a number of
cybersecurity frameworks including:
▪ National Institute of Standards and Technology (NIST) 800-171 and
(NIST) 800-172
▪ Federal Acquisition Regulation (FAR)
▪ Defense Federal Acquisition Regulation (DFARS)
The goal of using CMMC is to implement a tiered approach towards
securing sensitive defense information accessed by contractors that make
up the Defense Industrial Base (DIB) supply chain.
Complying with the various frameworks and becoming certified through
CMMC allows organizations to:
▪ Verify security strategy
▪ Uncover flaws in hardware as well as software
▪ Undergo effective security training
▪ Highlight new technology vulnerabilities
▪ Bid on lucrative DOD contracts
The specific steps required to satisfy these achievements will result in a
product that is fully compliant with CMMC audit processes.
01
