What is Cybersecurity Maturity Model Certification? Who does it apply to? Why is it necessary? When does it become a requirement? How do you get started?

All good questions, ones that we will seek to answer below.

What is Cybersecurity Maturity Model Certification?

According to the Lockheed Martin website, CMMC is a new requirement for existing U.S. DoD contrators - "The CMMC is intended to serve as a verification mechanism to ensure appropriate levels of cybersecurity controls and processes are adequate and in place to protect controlled unclassified information (CUI) that resides on contractor / subcontractor networks."

Who does it apply to?

Defense contractors and subcontractors, anyone who is working with the U.S. Department of Defense.

Why is it necessary?

The U.S. DoD answered this succinctly in their memorandum on understanding Cybersecurity Maturity Model Certification: "CMMC has, and will remain a priority for the Department, and will safeguard our enterprise against cyber theft losses that cost our Nation $100 billion annually, and $600 billion worldwide, equating to 1% of global GDP." 

CMMC is already evolving...

September 2020 - the DoD publishes an interm rule  to the DFARS in the Federal Register for the initial version of the CMMC program.

March 2021 - the Dod initiates an internal review of CMMC implementation, influenced by public comments, this assessment leads to a refinement of the policy and program by cybersecurity leaders.

November - the DoD announces CMMC 2.0, an updated program structure with new requirements, informed by the internal review's findings.


References and Additional Resources:

Lockheed Martin:


United States Department of Defense:


CSO Magazine:


CMMC Accreditation Body or CMMC-AB




How do you get started with the certification process?

To learn more about Cybersecurity Maturity Model Certification (CMMC), and how the Smithers Quality Assessments Division can help, please reach out to us and we will be in contact with you shortly.

Learn more about Cybersecurity Maturity Model Certification (CMMC):

Contact us

Lead Consultant

Perseus Information 
Security Consulting

Tampa, FL



Latest Resources

See all resources