The CMMC framework consists of five cumulative levels of cybersecurity maturity, ranging from “Foundational” at Level 1 to “Expert at Level 3. Each level progressively builds on the previous one, with increasing sophistication in cybersecurity practices and processes. Organizations must meet the requirements and be certified at a specific level to be eligible for certain types of contracts.
Requirements
CMMC Framework
Breaking Down
The CMMC Requirements
DFARS 7012
Defense Federal Acquisition
Regulation Supplement (DFARS) 7012
DFARS 7012 is a set of cybersecurity requirements that defense contractors must meet. It mandates that contractors provide adequate security to safeguard covered defense information on their networks and report cyber incidents. DFARS 7012 is closely tied to NIST SP 800-171 standards and serves as a precursor to CMMC.
NIST SP 800-171
The National Institute of
Standards and Technology (NIST) Special Publication 800-171
NIST 800-171 provides guidelines on protecting CUI on non-federal systems and organizations. This standard is integral to DFARS 7012 compliance and forms the foundation for many CMMC practices and processes.
