The Department of Defense’s (DoD) is taking a supply-chain risk-management approach to improving cybersecurity. They are implementing the Cybersecurity Maturity Model Certification (CMMC), which will require DoD contractors and researchers to obtain third-party certification. This new CMMC mandate includes university-based research labs and facilities—as well as FFDRCs (Federally Funded Research and Development Centers) and UARCs (University Affiliated Research Centers)—and thus CMMC compliance needs to be a part of a higher education institution’s information security strategy.
The Cybersecurity Maturity Model Certification (CMMC) is a set of policies and practices that address the protection of federal Controlled Unclassified Information (CUI) data through administrative, physical, and technical controls.
The first iteration of the Cybersecurity Maturity Model Certification program (CMMC 1.0) approached cybersecurity as an abstract set of rules that were largely removed from how security is practiced. The changes in CMMC 2.0 seem to be a direct response to the weaknesses of CMMC 1.0.
Browse Cybersecurity Maturity Model Certification (CMMC)