The Department of Defense (DoD) released the latest draft version of the Cybersecurity Maturity Model Certification (CMMC) framework, CMMC v0.6, on November 7 for public review. This maturity model assesses and enhances the cybersecurity posture of the Defense Industrial Base (DIB) and applies to all companies conducting business with the DoD, whether or not they handle controlled unclassified information (CUI).

The CMMC combines various cybersecurity control standards (e.g., NIST SP 800-171, NIST SP 800-53, ISO 27001, ISO 27032, AIA NAS9933 and others) into one unified standard for cybersecurity. The framework also measures how mature a company's institutionalization of cybersecurity practices and processes is.

Intended to serve as a verification mechanism, the CMMC aims to ensure that appropriate levels of cybersecurity practices and processes are in place to confirm basic cyber hygiene. Additionally, this framework mitigates the risks to national economic security and national security by protecting controlled unclassified information.

The final CMMC version, which NSF will certify to, is scheduled to be released in January 2020.
