Cybersecurity Maturity Model Certification

Securing your compliance with the US Department of Defense’s cyber hygiene standards

WHAT IS THE CMMC?

Modeled after NIST 800-171and various other standards, the Cybersecurity Maturity Model Certification(CMMC) is a framework of cybersecurity practices that will better protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). Department of Defense industry partners will need to have in place before they can win a government contract. DoD will no longer accept companies’ “self-assessment” against these controls. Compliance with CMMC at Level 1 or ‘basic cyber hygiene’ – will be a “go/no go decision” for companies seeking to compete for DoD contracts. In the near future, certified independent 3rd party organizations (C3PAOs) will conduct company audits to verify compliance to CMMC controls.

DOES IT APPLY TO MY ORGANIZATION?

If you plan to do business with the DoD, the CMMC applies to your organization, regardless of size. Every organization must comply with CMMC Level 1, or ‘basic cyber hygiene’.

HOW CAN TRUE INFORMATION ASSURANCE HELP?

If you would like to learn about the CMMC framework and do an easy, online pre-assessment, True’s CMMC SABRE (SmAll Business Readiness) toolis for you.
If you are familiar with CMMC and/or NIST 800-171 controls, True can help your company prepare for a future C3PAO CMMC assessment.