CMMC Resources

The Cyber AB will provide information and set requirements for prospective C3PAOs and individual assessors. Prospective C3PAOs and assessors should reference the Cyber AB website.

To safeguard sensitive national security information, the Department of Defense (DoD) launched CMMC 2.0, a comprehensive framework to protect the defense industrial base’s (DIB) sensitive unclassified information from frequent and increasingly complex cyberattacks. With its streamlined requirements, CMMC 2.0: Simplifies compliance by allowing self-assessment for some requirements, Applies priorities for protecting DoD information, and Reinforces cooperation between the DoD and industry in addressing evolving cyber threats.

This document provides assessment guidance for Level 1 of the Cybersecurity Maturity Model Certification (CMMC).

This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 2.

Certification Assistant streamlines the implementation of practices and processes necessary for accurate self-assessment and evidence collection while paving the way to CMMC-certification success.

Exostar CMMC information site provides timelines, FAQs, and updates on development of the CMMC.

DECEMBER 2020 - In this SEI Podcast, Andrew Hoover and Katie Stewart, architects of the CMMC model, discuss the CMMC assessment guides, how they were developed, and how they can be used

MARCH 2020 - CMMC Model Structure and Development 

JUNE 2020 - Twenty additional practices within CMMC that make DoD more security conscious 

SEPTEMBER 2020 - Andrew Hoover and Katie Stewart, architects of the Cybersecurity Maturity Model Certification (CMMC), discuss how assessed DIB organizations are scored according to the model

JUNE 2020 - An overview of process maturity and SEI's history with measuring process maturity 

AUGUST 2020 - Andrew Hoover and Katie Stewart, architects of the Cybersecurity Maturity Model Certification (CMMC), present guidelines for developing an effective CMMC policy

JULY 2020 - Andrew Hoover and Katie Stewart, architects of the Cybersecurity Maturity Model Certification (CMMC), discuss process documentation, a Level 2 requirement

AUGUST 2020 - Identifying critical assets and scoping for CMMC assessment 

JANURARY 2021 - A list of bew SEI Podcasts that dive deep into CMMC Assessment Guides

OCTOBER 2020 - Andrew Hoover and Katie Stewart, architects of the CMMC model, discuss the Level 5 process maturity requirements, which are standardizing and optimizing a documented approach for CMMC

OCTOBER 2020 - Andrew Hoover and Katie Stewart, architects of the CMMC model, discuss reviewing and communicating CMMC activities and measuring those activities for effectiveness, which are requirements of Level 4 of the model

DECEMBER 2020 - Andrew Hoover and Katie Stewart, architects of the CMMC model, discuss the Level 1 Assessment Guide for the CMMC.

DECEMBER 2020 - Andrew Hoover and Katie Stewart discuss the Level 3 Assessment Guide for CMMC

Representatives from several primes are discussing the impact of CMMC on the supplier base. These primes include Jeffrey Dodson (BAE Systems), Christopher Page (Huntington Ingalls Industries), Mike Gordon (Lockheed Martin), and Noble Dean (L3Harris).

This video is an hour long presentation conducted by Carnegie Mellon SEI to discuss the process maturity for CMMC.

The collective information in this presentation, "A Banquet of Consequences: The Story of CUI, DFARS, and CMMC", explains the historical actions that culminated into CMMC and its inherited traits. Furthermore, viewers can expect to garner insights on the future of CMMC and its permanence, regardless of delays. Mr. Horne spares no detail, but tactfully credits the CMMC AB and other parties involved with current efforts.

October 24, 2019: DoD has announced CMMC as a unified cybersecurity standard to be consistently applied to all organizations across the Defense Industrial Base. CMMC certification becomes a requirement in 2020. It will greatly enhance the cybersecurity of the supply chain, but will also enforce new requirements for your organization to participate on any DoD contract. CMMC requires certification by an accredited third party and is pass/fail. Watch Ms. Arrington's CMMC introduction.