In one of the biggest compliance shake-ups in a decade, the Department of Defense (DoD) has replaced its self-assessment model with one of the most stringent cybersecurity frameworks ever devised: the Cybersecurity Maturation Model Certification (CMMC). What does this mean for organizations wanting to do business with the DoD? Let’s take a look.

What is CMMC?

CMMC is a new cybersecurity maturity standard for DoD contractors. Specifically, CMMC is designed to ensure all DoD contractors have sufficient security controls in place to protect sensitive information. Announced in mid-2019, version 1.0 of the standard was published in January 2020.

It could be argued that the DoD was forced to release CMMC, as many contractors failed to properly implement the previous self-assessment model, paving the way for high-profile breaches of prominent DoD contractors. Given that CMMC mandates a significantly higher standard of cybersecurity than its predecessor, it should significantly reduce (Read more...)