Security & data standard
CMMC
Cybersecurity maturity for defense contractors.
Applies to: Defense industrial baseWhat it is
The Cybersecurity Maturity Model Certification is the DoD's framework for protecting Controlled Unclassified Information across the defense supply chain.
Levels 1 through 3 set increasing requirements based on the sensitivity of information handled.
Who must comply
- DoD prime contractors and subcontractors
- Suppliers anywhere in the defense supply chain
Key requirements
- Implementation of NIST SP 800-171 controls
- Documented system security plans
- Third party assessments at higher levels
Risks of non-compliance
Loss of DoD contracts and removal from the supply chain.
This is educational and not legal advice. Talk to your attorney about your specific exposure.
How Scale helps
We help DoD suppliers stand up the controls and documentation CMMC assessors expect.
