
Cybersecurity Maturity Model Certification (CMMC)


Enroll for the Certified CMMC Professional (CCP) Certification. Be compliant with the new regulations by learning from the experts. Capitol Tech has been offering cyber security education and training since 2001. Join us for CMMC training with an AB License Training Provider.


What is CMMC?

In 2019 the Department of Defense (DoD) announced the creation of the Cybersecurity Maturity Model Certification (CMMC) to govern the Defense Industrial Base (DIB). Cybersecurity Maturity Model Certification (CMMC) puts an end to self-assessment and requires a third-party assessor to verify the cybersecurity maturity level.

The CMMC builds from NIST 800-171 but also includes controls from other cybersecurity frameworks. Where CMMC differs is in both the maturity model and the role of third-party assessors.

On November 4, 2021 the Department of Defense unveiled an update to the Cybersecurity Maturity Model Certification framework – CMMC 2.0 – to streamline compliance, increase flexibility, and lower cost for manufacturers and IT providers.


About CMMC 2.0

Cybersecurity Maturity Model Certification (CMMC) is the new unifying standard for the implementation of cybersecurity across the Defense Industrial Base (DIB).

This new CMMC framework includes a comprehensive and scalable certification element to verify the implementation of processes and practices associated with the achievement of a cybersecurity maturity level. CMMC is designed to provide increased assurance to the Department that a DIB company can adequately protect sensitive unclassified information, accounting for information flow down to subcontractors in a multi-tier supply chain. Roughly 300,000 Department of Defense contractors make up the DIB. These contractors must all be CMMC-certified by September 30, 2025.

  • CMMC is a new mandate for implementing cybersecurity standards across the DIB.
  • The certificate allows organizations to do business with DoD and to bid on DoD contracts.
  • By 2025 all DoD suppliers need CMMC Certification to continue to bid for contracts.
  • The standard is overseen by the CMMC Accreditation Body (CMMC-AB).

On November 4, 2021 the Department of Defense unveiled an update to the Cybersecurity Maturity Model Certification framework to streamline compliance, increase flexibility, and lower cost for manufacturers and IT providers.

As a nation we must protect the supply chain of 300,000 companies globally.

Department of Defense CMMC Model

The DoD created the CMMC model as a cybersecurity standard for the DIB. CMMC assessments initially occurred across five levels of maturity, with level 1 requiring the most basic cybersecurity and level 5 requiring the most advanced.

With CMMC 2.0, the DoD is making changes to the CMMC standards and collapsing the model into three levels, down from the previous five. CMMC 2.0 now becomes the DoD’s methodology for holding its supply chain accountable to the implementation of the FAR 52.204-21 and DFARS 252.204-7012 clauses, which means that it will replace CMMC 1.0. The overarching goal of the model remains the same, however: protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). To simplify the assessment process, the CMMC model has been reduced from five tiers to three:


Contractors can begin by identifying which level their organization falls under:

  • Level 1 (Foundational) – Nothing has really changed with this level in the newer model. If you handle FCI but not CUI, you fall into Level 1. These organizations are expected to implement the Federal Acquisition Regulation’s 17 most basic cybersecurity controls. ALL Federal contractors are required to implement these 17 basic safeguards, which focus, for instance, on physical protection and access control. Although this is the lowest level, implementing these controls is not an overnight process, so contractors should remain diligent when doing so.
  • Level 2 (Advanced) – Formerly Level 2/3. If your business is in the manufacturing sector and/or provides parts and services for weapons, it is very likely that your small business will fall under this category.
  • Level 3 (Expert) – Formerly Level 4/5. Large prime contractors and those of us who work on super critical national security programs that are significant targets of nation-state adversaries and any Advanced Persistent Threat (APT) will have to focus on Level 3. These organizations handle CUI, but they also likely handle secret and, potentially, top-secret information.

 


Modules


Capitol Tech has partnered with CyberDI. Our team includes highly knowledgeable members of the CMMC ecosystem who have a deep understanding of the development of the current CMMC requirements, based on Federal cyber requirements of the past 20 years.

Courses are designed by cybersecurity experts, instructional designers, and educational psychologists.

Professionals in the space who are assisting companies today to develop system architectures to meet the DoD requirements.


 

Enroll for the Certified CMMC Professional (CCP) Certification. Be compliant with the new regulations by learning from the experts.


Please email proed@captechu.edu

Or contact Iris Lieberman, Associate Director of Admissions, at 301-655-2119.