Skip to content
PCI QSAs: automate your PCI ROC reporting using 6clicks Pixel Perfect™. Click here to learn more. 👀 🚀

Join the hundreds of companies that trust 6clicks

qld-gov-logo

vic-gov-logo.png

nsw-gov-logo

Accel-IT-logo

TCS-logo-new

Melbourne-Racing-Club-logo

flybuys-logo

BDO-logo-resized-1

Trusted-Impact-Logo-resized

PS-Logo-nobg

ICT Legal - Favicon

riskcom-logo

EY-logo

devicedesk

Fisher-Leadership-logo

insync-logo1

Maddocks

KordaMentha_Logo

Picture1

Terms

AFSL Authorised Representative AICPA Annex A Controls ASIC Attestation of Compliance (AOC) Business Continuity Management Compliance Automation Software Compliance Risk Management Cybersecurity Maturity Model Certification (CMMC) FedRAMP Governance Risk & Compliance (GRC) GPDR HIPAA HITRUST Incident Management Information Security Management System (ISMS) ISMS Governing Body ISO 27001 Notifiable Data Breach OAIC Policy Management SOC 1 SOC 2 SOC 3 SOC Reports SOC Trust Services Criteria (TSC) SSAE 16 SSAE 18 Third Party Risk Management Vendor Assessment Vendor Management Policy Vendor Review Vulnerability Vulnerability Management
Cyber security

What is the CMMC?

The Cybersecurity Maturity Model Certification (CMMC) is a unified standard for implementing cybersecurity across the defense industrial base (DIB), which includes over 300,000 companies in the supply chain. The CMMC is the DoD's response to significant compromises of sensitive defense information located on contractors' information systems.

The US Department of Defense (DoD) released the CMMC on January 31, 2020. It was drafted with significant input from University Affiliated Research Centers, Federally Funded Research and Development Centers, and industry.

The CMMC establishes five certification levels that reflect the maturity and reliability of a company's cybersecurity infrastructure to safeguard sensitive government information on contractors' information systems. The five levels are tiered and build upon each other's technical requirements. Each level requires compliance with the lower-level requirements and institutionalization of additional processes to implement specific cybersecurity-based practices.