CMMC: Cybersecurity Maturity Model Certification

What is CMMC?

The Cybersecurity Maturity Model Certification (CMMC) is an assessment program created to verify compliance with safeguarding controlled unclassified information across the Defense Industrial Base (DIB) by addressing the gaps in prior regulatory requirements. The Department of Defense (DoD) found that private sector organizations doing business with the federal government were not satisfying the requirements specified in Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012. The requirements included the implementation of the National Institute of Standards and Technology (NIST) SP 800-171 for systems processing Covered Defense Information but did not include official certification or compliance reporting mechanisms. This resulted in organizations not fully implementing controls to a consistent maturity level, ultimately putting the government supply chain at risk.

For government contractors fulfilling Department of Defense (DoD) contracts, complying with the Cybersecurity Maturity Model Certification (CMMC) requirements is crucial. Contractors handling Federal Contract Information (FCI) or Controlled Unclassified Information (CUI) will need to meet Maturity Levels 1, 2 or 3.

To work with the most critical defense programs, organizations will need to meet Maturity Level 3. Contract requirements will specify Maturity Level requirements, which will flow down only to subcontractors working with controlled unclassified information. Therefore, it's important to identify the type of data being stored.

CMMC Explained

CMMC Resources

CMMC Government Contracting Guide

It’s no secret that cybersecurity compliance regulations continue to evolve and become more prescriptive. With the increased activities of hackers and cybercriminals, it’s critical for your business operations to stay ahead of regulations like CMMC 2.0 – and be prepared. Discover the steps you can take to assess your readiness and develop your strategy.

Prepare for CMMC 2.0

Top Cybersecurity Regulations You Should Know

The Federal Government is increasingly focused on cybersecurity requirements for government contractors, especially those working with the Department of Defense (DoD). Are you familiar with all the regulations and what they mean for your business?

Watch: Cybersecurity Regulations

Gaining CMMC Compliance and Audit Support with Deltek

“CMMC isn’t only important to us but also Deltek, and you can see this by the investments they have made in cybersecurity and compliance.”

Applied Insight

Applied Insight Success Story

CMMC Compliance Through Deltek ERP

Deltek is dedicated to protecting your data by ensuring our capabilities meet the constantly changing security landscape. We are continuously adjusting our suite of products and services to support your cyber posture by increasing our investment in security, compliance, and supporting technologies for our customers – easing and scaling the management of systems for your teams.

The DoD has mandated that all government contractors competing for DoD contracts are CMMC 2.0 certified. While this mandate may seem to be in the distant future, the security controls that are the foundation of CMMC compliance are required for defense contractors. Today, contractors are making it a top priority to find a Cloud Service Provider (CSP) that offers an ERP solution that will support their CMMC 2.0 compliance efforts by meeting DFARs requirements such as NIST 800-171, ITAR, and FedRAMP Moderate controls. It’s important to invest in a CSP and a solution that helps address all your requirements as a one-stop-shop, partnering with you as new compliance initiatives develop in the future, with the understanding that compliance frameworks are a shared responsibility. At Deltek, we’re dedicated to being that trusted partner.

ERP for Government Contractors