The US Department of Defense (DoD) has finalized the Cybersecurity Maturity Model Certification (CMMC) program, enabling officials to evaluate defense contractors' cybersecurity protections. With a focus on federal contract information (FCI) and controlled unclassified information (CUI), the CMMC will ensure contractors meet cybersecurity standards aligned with Federal Acquisition Regulation and NIST Special Publications. The program aims to hold individuals accountable for misrepresenting cybersecurity practices and violations
Contractors need CMMC certification to bid for DoD contracts. The CMMC consists of levels verifying protection of FCI and CUI against cyber threats. The DoD's transition from self-attestation to CMMC aims to streamline security assessments, aiding small and medium-sized businesses. The new CMMC version includes Plans of Action and Milestones for conditional certification while meeting NIST requirements. Defense contractors undergo self-assessment for basic, general, or advanced CUI protection levels in CMMC. The program identifies 24 NIST SP 800-172 requirements for Level 3 certification, enhancing defense contractors' cybersecurity postures. ```https://www.infosecurity-magazine.com/news/dod-cybersecurity-standards/