Cybersecurity Maturity Model Certification Framework (CMMC) Authoritative Source Content

Document created by Gloria Higley Employee on Apr 14, 2020Last modified by Susan Read-Miller on May 20, 2020
Version 9Show Document
  • View in full screen mode

The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) has developed the Cybersecurity Maturity Model Certification (CMMC) framework in concert with U.S. Department of Defense (DoD) stakeholders, University Affiliated Research Centers (UARCs), Federally Funded Research and Development Centers (FFRDCs), and the Defense Industrial Base (DIB) sector. 

 

This document focuses on the CMMC model which measures cybersecurity maturity with five levels and aligns a set of processes and practices with the type and sensitivity of information to be protected and the associated range of threats. The model consists of maturity processes and cybersecurity best practices from multiple cybersecurity standards, frameworks, and other references, as well as inputs from the broader community.

 

The CMMC framework adds a certification element to verify the implementation or possesses and practices associated with the achievement of a cybersecurity maturity level. CMMC is designed to provided increased assurance to the DoD that a DIB contractor can adequately protect Controlled Unclassified Information (CUI) at a level commensurate with the risk, accounting for information flow down to tits subcontractors in a multi-tier supply chain.

 

Languages

This content is available in English only.

 

Mappings

Mappings for the Cybersecurity Maturity Model Certification Framework (CMMC) Authoritative Source Content to the RSA Archer Control Standard Library are available in the authoritative source content pack.

 

Content Source

The source of this content comes from the Office of the Under Secretary of Defense for Acquisition & Sustainment Cybersecurity Maturity Model Certification website.

 

Licensing Restrictions

The Cybersecurity Maturity Model Certification Framework (CMMC) authoritative source content is available with the use of the RSA Archer Policy Program Management use case, the RSA Archer IT Policy Program Management use case, and/or the RSA Archer Assessment & Authorization use case. No additional license is required.

 

For More Information

To learn more about the Cybersecurity Maturity Model Certification Framework (CMMC) Authoritative Source Content:

 

For Additional Support

To learn more about this content, please contact your Account Rep for additional details. For technical support questions, please open a support case or contact RSA Archer at archersupport@rsa.com for more information.

Attachments

    Outcomes