The Cybersecurity Maturity Model Certification (CMMC) framework is a verification mechanism designed to measure the organizations’ maturity regarding the protection of unclassified information such as Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). CMMC is a new set of cybersecurity standards that encompasses various cybersecurity standards, references, and other best practices. It comprises a number of processes and practices which are mapped across five cumulative certification levels.

The CMMC model is developed and managed by the Department of Defense (DoD) and is considered to be the DoD’s response to potential compromises of sensitive information that resides on Defense Industrial Base (DIB) systems and networks. CMMC Accreditation Body (AB), on the other hand, is the sole authoritative source for the operationalization of CMMC assessments and training.