Cybersecurity Maturity Model Certification Framework (CMMC) Authoritative Source Content
The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) has developed the Cybersecurity Maturity Model Certification (CMMC) framework in concert with U.S. Department of Defense (DoD) stakeholders, University Affiliated Research Centers (UARCs), Federally Funded Research and Development Centers (FFRDCs), and the Defense Industrial Base (DIB) sector.
This document focuses on the CMMC model which measures cybersecurity maturity with five levels and aligns a set of processes and practices with the type and sensitivity of information to be protected and the associated range of threats. The model consists of maturity processes and cybersecurity best practices from multiple cybersecurity standards, frameworks, and other references, as well as inputs from the broader community.
The CMMC framework adds a certification element to verify the implementation or possesses and practices associated with the achievement of a cybersecurity maturity level. CMMC is designed to provided increased assurance to the DoD that a DIB contractor can adequately protect Controlled Unclassified Information (CUI) at a level commensurate with the risk, accounting for information flow down to tits subcontractors in a multi-tier supply chain.
This content is available in English only.
Mappings for the Cybersecurity Maturity Model Certification Framework (CMMC) Authoritative Source Content to theRSA Archer Control Standard Libraryare available in the authoritative source content pack.
The source of this content comes from the Office of the Under Secretary of Defense for Acquisition & Sustainment Cybersecurity Maturity Model Certification website.
The Cybersecurity Maturity Model Certification Framework (CMMC) authoritative source content is available with the use of the RSA Archer Policy Program Management use case, the RSA Archer IT Policy Program Management use case, and/or the RSA ArcherAssessment & Authorizationuse case. No additional license is required.
For More Information
To learn more about the Cybersecurity Maturity Model Certification Framework (CMMC) Authoritative Source Content:
To learn more about this content, please contact your Account Rep for additional details. For technical support questions, please open a support case or contact RSA Archer at firstname.lastname@example.org for more information.