Below you will find helpful links and videos that provide more information about CMMC.
- The CMMC Accreditation Body Website
The CMMC AB will provide information and set requirements for prospective C3PAOs and individual assessors. Prospective C3PAOs and assessors should reference the CMMC AB website.
- U.S Department of Defense Chief Information Officer Cybersecurity Certification Maturity Model (CMMC)
To safeguard sensitive national security information, the Department of Defense (DoD) launched CMMC 2.0, a comprehensive framework to protect the defense industrial base’s (DIB) sensitive unclassified information from frequent and increasingly complex cyberattacks. With its streamlined requirements, CMMC 2.0: Simplifies compliance by allowing self-assessment for some requirements, Applies priorities for protecting DoD information, and Reinforces cooperation between the DoD and industry in addressing evolving cyber threats.
- CMMC Center of Excellence (CMMC-CoE)
The CMMC Center of Excellence is an IT-AAC sponsored and hosted public – private partnership that will be the focal point for coordination, communication, and collaboration in support of entities seeking to achieve the Cybersecurity Maturity Model Certification requirements, to improve and enhance the cybersecurity and overall security of the supply chain for the defense industrial base and the United States Department of Defense.
- CMMC Level 1 Assessment Guide
This document provides assessment guidance for Level 1 of the Cybersecurity Maturity Model Certification (CMMC).
- CMMC Level 2 Assessment Guide
This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 2.
- Exostar – CMMC Certification Assistant
Certification Assistant streamlines the implementation of practices and processes necessary for accurate self-assessment and evidence collection while paving the way to CMMC-certification success.
- Exostar Cybersecurity Maturity Model Information Site
Exostar CMMC information site provides timelines, FAQs, and updates on development of the CMMC.
- An Introduction to CMMC Assessment Guides
DECEMBER 2020 - In this SEI Podcast, Andrew Hoover and Katie Stewart, architects of the CMMC model, discuss the CMMC assessment guides, how they were developed, and how they can be used
- An Introduction to the Cybersecurity Maturity Model Certification (CMMC)
MARCH 2020 - CMMC Model Structure and Development
- Beyond NIST SP 800-171: 20 Additional Practices in CMMC
JUNE 2020 - Twenty additional practices within CMMC that make DoD more security conscious
- CMMC Scoring 101
SEPTEMBER 2020 - Andrew Hoover and Katie Stewart, architects of the Cybersecurity Maturity Model Certification (CMMC), discuss how assessed DIB organizations are scored according to the model
- Cybersecurity Maturity Model Certification (CMMC) Part 2: Process Maturity’s Role in Cybersecurity
JUNE 2020 - An overview of process maturity and SEI's history with measuring process maturity
- Developing an Effective CMMC Policy
AUGUST 2020 - Andrew Hoover and Katie Stewart, architects of the Cybersecurity Maturity Model Certification (CMMC), present guidelines for developing an effective CMMC policy
- Documenting Process for CMMC
JULY 2020 - Andrew Hoover and Katie Stewart, architects of the Cybersecurity Maturity Model Certification (CMMC), discuss process documentation, a Level 2 requirement
- Follow the CUI: 4 Steps to Starting Your CMMC Assessment
AUGUST 2020 - Identifying critical assets and scoping for CMMC assessment
- New SEI Podcasts Dive Deep into CMMC Assessment Guides
JANURARY 2021 - A list of bew SEI Podcasts that dive deep into CMMC Assessment Guides
- Optimizing Process Maturity in CMMC Level 5
OCTOBER 2020 - Andrew Hoover and Katie Stewart, architects of the CMMC model, discuss the Level 5 process maturity requirements, which are standardizing and optimizing a documented approach for CMMC
- Reviewing and Measuring Activities for Effectiveness in CMMC Level 4
OCTOBER 2020 - Andrew Hoover and Katie Stewart, architects of the CMMC model, discuss reviewing and communicating CMMC activities and measuring those activities for effectiveness, which are requirements of Level 4 of the model
- The CMMC Level 1 Assessment Guide: A Closer Look
DECEMBER 2020 - Andrew Hoover and Katie Stewart, architects of the CMMC model, discuss the Level 1 Assessment Guide for the CMMC.
- The CMMC Level 3 Assessment Guide: A Closer Look
DECEMBER 2020 - Andrew Hoover and Katie Stewart discuss the Level 3 Assessment Guide for CMMC
- YouTube – Detailed Analysis of CMMC’s Impact on Suppliers
Representatives from several primes are discussing the impact of CMMC on the supplier base. These primes include Jeffrey Dodson (BAE Systems), Christopher Page (Huntington Ingalls Industries), Mike Gordon (Lockheed Martin), and Noble Dean (L3Harris).
- YouTube – The DoD’s Cybersecurity Maturity Model Certification and Process Maturity
This video is an hour long presentation conducted by Carnegie Mellon SEI to discuss the process maturity for CMMC.
- YouTube – Understanding Cybersecurity Maturity Model Certification (CMMC): How it will affect your organization and how to prepare.
October 24, 2019: DoD has announced CMMC as a unified cybersecurity standard to be consistently applied to all organizations across the Defense Industrial Base. CMMC certification becomes a requirement in 2020. It will greatly enhance the cybersecurity of the supply chain, but will also enforce new requirements for your organization to participate on any DoD contract. CMMC requires certification by an accredited third party and is pass/fail. Watch Ms. Arrington's CMMC introduction.
The external user forum links below can be used to seek assistance outside of the CyberAssist webpage. The DIB SCC neither monitors nor moderates these communities.
A reddit community with information, guidance, and assistance for meeting the new DoD CMMC rating guidelines. A reddit community for navigating the complicated world of NIST Publications and their controls. This includes discussions, resource sharing, news, and recommendations for solutions. Collaboration on implementing and maintaining NIST SP 800-53 & NIST SP 800-171 controls.