Skip to content
Security & data standard

CMMC

Cybersecurity maturity for defense contractors.

Applies to: Defense industrial base

What it is

The Cybersecurity Maturity Model Certification is the DoD's framework for protecting Controlled Unclassified Information across the defense supply chain.

Levels 1 through 3 set increasing requirements based on the sensitivity of information handled.

Who must comply

  • DoD prime contractors and subcontractors
  • Suppliers anywhere in the defense supply chain

Key requirements

  • Implementation of NIST SP 800-171 controls
  • Documented system security plans
  • Third party assessments at higher levels
Risks of non-compliance

Loss of DoD contracts and removal from the supply chain.

This is educational and not legal advice. Talk to your attorney about your specific exposure.

How Scale helps

We help DoD suppliers stand up the controls and documentation CMMC assessors expect.

Scale Modern Business Solutions