Organizations working with the US DoD (Department of Defense) are held to increasingly stringent cybersecurity requirements. Since 2018, the DoD has required all defense contractors to be compliant with NIST 800-171, a government standard that lists 110 essential security controls. However, compliance has proved difficult for many prime and sub-contractors, particularly for small organizations.
To enforce universal contractor compliance with cybersecurity standards, the DoD has developed the Cybersecurity Maturity Model Certification (CMMC). This process requires defense contractors and sub-contractors to undergo a third-party audit, then receive a CMMC assessment (Level 1-5).
Starting later in 2020, Requests for Proposals will require contractors to list their CMMC level. Over the next few years, CMMC compliance will be mandatory to bid on any DoD contracts.