on Apr 14, 2020The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) has developed the Cybersecurity Maturity Model Certification (CMMC) framework in concert with U.S. Department of Defense (DoD) stakeholders, University Affiliated Research Centers (UARCs), Federally Funded Research and Development Centers (FFRDCs), and the Defense Industrial Base (DIB) sector.
This document focuses on the CMMC model which measures cybersecurity maturity with five levels and aligns a set of processes and practices with the type and sensitivity of information to be protected and the associated range of threats. The model consists of maturity processes and cybersecurity best practices from multiple cybersecurity standards, frameworks, and other references, as well as inputs from the broader community.
The CMMC framework adds a certification element to verify the implementation or possesses and practices associated with the achievement of a cybersecurity maturity level. CMMC is designed to provided increased assurance to the DoD that a DIB contractor can adequately protect Controlled Unclassified Information (CUI) at a level commensurate with the risk, accounting for information flow down to tits subcontractors in a multi-tier supply chain.
Languages
This content is available in English only.
Mappings
Mappings for the Cybersecurity Maturity Model Certification Framework (CMMC) Authoritative Source Content to the RSA Archer Control Standard Library are available in the authoritative source content pack.
Content Source
The source of this content comes from the Office of the Under Secretary of Defense for Acquisition & Sustainment Cybersecurity Maturity Model Certification website.
Licensing Restrictions
The Cybersecurity Maturity Model Certification Framework (CMMC) authoritative source content is available with the use of the RSA Archer Policy Program Management use case, the RSA Archer IT Policy Program Management use case, and/or the RSA Archer Assessment & Authorization use case. No additional license is required.
For More Information
To learn more about the Cybersecurity Maturity Model Certification Framework (CMMC) Authoritative Source Content:
- Review the RSA Archer Content Import Tip Sheet for instructions on how to import content; and
- Download the Cybersecurity Maturity Model Certification Framework (CMMC) Authoritative Source Content Package.
For Additional Support
To learn more about this content, please contact your Account Rep for additional details. For technical support questions, please open a support case or contact RSA Archer at archersupport@rsa.com for more information.