Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
A U.S. DoD framework ensuring defense contractors demonstrate specific cybersecurity capabilities and processes.
Cybersecurity Maturity Model Certification (CMMC) Definition: A U.S. DoD framework ensuring defense contractors demonstrate specific cybersecurity capabilities and processes.
Cybersecurity Maturity Model Certification (CMMC) represents the Department of Defense's effort to ensure that defense contractors adequately protect sensitive information by requiring verification of their security practices. Unlike self-attestation models that proved inadequate, CMMC requires organizations to demonstrate actual implementation of security controls appropriate to the sensitivity of information they handle. The current CMMC 2.0 model defines three progressive levels—Foundational, Advanced, and Expert—with specific practices required at each level. Defense contractors must achieve certification at the appropriate level before bidding on contracts that handle federal contract information or controlled unclassified information. The certification process involves assessment by authorized third-party assessment organizations (for Level 2 and above), with certifications generally valid for three years. What makes CMMC particularly challenging is that it requires not just implementing controls, but demonstrating sustained, institutionalized cybersecurity practices. Organizations preparing for certification typically invest in significant security improvements, documentation of practices, and readiness assessments to identify and address gaps before formal evaluation.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →