Q: What is CMMC?

​

A: The Cybersecurity Maturity Model Certification (CMMC) is a framework developed by the U.S. Department of Defense (DoD) to ensure that all defense contractors and their sub-contractors maintain appropriate levels of cybersecurity.

​

Q: Why was CMMC created?

​

A: The CMMC framework was created to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) in the possession of defense contractors.

​

Q: Who needs to be CMMC certified?

​

A: All defense contractors and their sub-contractors who handle FCI and CUI must be CMMC certified.

​

Q: What are the different maturity levels in CMMC?

​

A: The CMMC framework includes 3 maturity levels, ranging from basic cyber hygiene practices to advanced, highly secure environments.

​

Q: How does an organization become CMMC certified?

​

A: Organizations must undergo an assessment and certification process by a third-party organization accredited by the CMMC Accreditation Body (CMMC-AB).

​

Q: How often does an organization need to be re-certified?

​

A: The frequency of re-certification depends on the maturity level and the specific requirements of each contract. It is typically done every 3 years.

​

Q: What happens if an organization is not CMMC certified?

​

A: Organizations that are not CMMC certified will not be eligible to bid on and perform DoD contracts.

​

Q: What are the consequences of not following CMMC standards?

​

A: Organizations that do not follow CMMC standards could face legal or financial penalties, loss of contracts, and damage to reputation.

​