opexxx

Cmmc

May 13th, 2020 (edited)
The CMMC is a certification procedure developed by the Department of Defense (DoD) to certify that contractors have the controls to protect sensitive data, including Federal Contract Information and Controlled Unclassified Information (CUI). The CMMC Model combines the best practices of different cybersecurity standards, including NIST SP 800-171, NIST SP 800-53, ISO 27001, ISO 27032, AIA NAS9933 and others, into one cohesive standard for cybersecurity. The model is organized into seventeen (17) domains, listed below:

Access Control
Asset Management
Audit and Accountability
Awareness and Training
Configuration Management
Identification and Authentication
Incident Response
Maintenance
Media Protection
Personnel Security
Physical Security
Recovery
Risk Management
Security Assessment
Situational Awareness
Systems and Communications Protection
System and Information Integrity

The CMMC contains five levels ranging from basic hygiene controls to state-of-the-art controls, but unlike NIST 800-171, the CMMC will not contain a self-assessment component. Every organization that plans to conduct business with the Department of Defense will be required to undergo an audit by an authorized auditing entity before bidding on a contract or subcontracting to a prime.