Q: What is CMMC?
A: The Cybersecurity Maturity Model Certification (CMMC) is a framework developed by the U.S. Department of Defense (DoD) to ensure that all defense contractors and their sub-contractors maintain appropriate levels of cybersecurity.
Q: Why was CMMC created?
A: The CMMC framework was created to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) in the possession of defense contractors.
Q: Who needs to be CMMC certified?
A: All defense contractors and their sub-contractors who handle FCI and CUI must be CMMC certified.
Q: What are the different maturity levels in CMMC?
A: The CMMC framework includes 3 maturity levels, ranging from basic cyber hygiene practices to advanced, highly secure environments.
Q: How does an organization become CMMC certified?
A: Organizations must undergo an assessment and certification process conducted by a third-party organization accredited by the CMMC Accreditation Body (CMMC-AB).
Q: How often does an organization need to be re-certified?
A: The frequency of re-certification depends on the maturity level and the specific requirements of each contract. Re-certification is typically performed every 3 years.
Q: What happens if an organization is not CMMC certified?
A: Organizations that are not CMMC certified will not be eligible to bid on and perform DoD contracts.
Q: What are the consequences of not following CMMC standards?
A: Organizations that do not follow CMMC standards could face legal or financial penalties, loss of contracts, and damage to reputation.