Cybersecurity Maturity Model Certification (CMMC)
The Cybersecurity Maturity Model Certification (CMMC) is a framework that measures and verifies cybersecurity practices across the Defense Industrial Base.
Developed by the US Department of Defense, CMMC establishes cybersecurity requirements that defense contractors and subcontractors must meet to qualify for certain contracts involving Controlled Unclassified Information (CUI) or Federal Contract Information (FCI).
The framework consists of multiple maturity levels, each building upon the previous level's security controls and practices. Organizations must achieve certification at the appropriate level based on the sensitivity of the information they handle. Level 1 focuses on basic cyber hygiene for FCI, while higher levels require increasingly sophisticated security measures for CUI protection.
CMMC certification must be obtained through authorized third-party assessment organizations (C3PAOs) and involves both self-assessments and formal audits. The certification is time-limited and requires periodic reassessment to maintain compliance. Unlike previous self-attestation models, CMMC requires independent verification of cybersecurity implementations, making it a more rigorous standard that aims to strengthen the entire defense supply chain against cyber threats.




