Glossary definition: Cybersecurity Maturity Model Certification (CMMC)

CMMC: Certification for Cybersecurity Maturity

Cybersecurity Maturity Model Certification (CMMC) is a certification program created by the United States Department of Defense (DoD) to ensure that all organizations that handle Controlled Unclassified Information (CUI) comply with the DoD’s cybersecurity standards. The CMMC is a five-level certification system that assesses the maturity of an organization’s cybersecurity practices, processes, and procedures. The five levels are Basic Cyber Hygiene, Cyber Hygiene, Intermediate, Advanced, and Progressive. Each level builds upon the previous one and provides a comprehensive set of security requirements that must be met to achieve the next level. CMMC certification is designed to be an ongoing process that organizations must go through to maintain their certification. The certification is valid for three years, after which organizations must renew it to remain compliant with the DoD’s security requirements. The CMMC is intended to help ensure that all organizations handling CUI are properly secured and that the data remains secure.