The Department of Defense (DoD) is developing the Cybersecurity Maturity Model Certification (CMMC), a new framework designed to assess and enhance the cybersecurity posture of the Defense Industrial Base (DIB) and its suppliers. Although CMMC is in the development phase, all organizations that provide services to the DoD will need to be certified as early as June 2020 in order to bid on DoD solicitations.
The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) recognizes that security is foundational to acquisition and should not be traded along with cost, schedule, and performance moving forward. The Department is committed to working with the Defense Industrial Base (DIB) sector to enhance the protection of controlled unclassified information (CUI) within the supply chain.
OUSD(A&S) is working with DoD stakeholders, University Affiliated Research Centers (UARCs), Federally Funded Research and Development Centers (FFRDC), and industry to develop the Cybersecurity Maturity Model Certification (CMMC).