The Cybersecurity Maturity Model Certification process measures a DoD contractor’s ability to protect Federal Contract Information and Controlled Unclassified Information, and contractors and their subcontractors will need to pass a CMMC audit conducted by an independent third party before bidding on new contracts. It requires DoD contractors to obtain a rating, from Level 1 through Level 5, measuring cybersecurity maturity across 17 domain areas. The level required of a contractor won’t necessarily apply to a subcontractor on the same contract, but will instead depend on their role and the information it needs from the prime contractor.
