It will be implemented through the acquisition and contracting process with limited exceptions, and the Department intends to require compliance with CMMC as a condition of contract award.

CMMC assessment requirements address cybersecurity-related risk to CUI and apply only when the CUI is processed, stored, or transmitted on a contractor-owned information technology system.

To strengthen DIB cybersecurity and better safeguard DoD information, the DoD developed the Cybersecurity Maturity Model Certification (CMMC) Program to assess DoD cybersecurity …

Jul 22, 2025 · CMMC aims to establish an agreeable and verifiable baseline level of security for handling sensitive unclassified government information and CUI. CMMC also provides an official process of …

Apr 2, 2025 · The Cybersecurity Maturity Model Certification (CMMC) is a new DoD standard to ensure security of Federal Contract Information (FCI) and CUI within the Defense Industrial Base (DIB).

Who needs to obtain a CMMC Certification? Defense contractors or subcontractors who process, store, or transmit Federal Contract Information (FCI) or Controlled Unclassified Information (CUI) will be …

Aug 18, 2025 · In the context of CMMC, CUI is the key differentiator between Level 1 and Level 2 compliance. CMMC Level 1 applies to contractors that handle Federal Contract Information (FCI) …

While CMMC focuses on overall cybersecurity readiness, it includes specific requirements for protecting CUI. Organizations seeking to participate in DoD contracts must achieve the appropriate CMMC …

Mar 11, 2020 · The CUI Institute is not affiliated with or endorsed by the US Department of Defense or the Cybersecurity Maturity Model Certification Accreditation Body (The Cyber AB).

CMMC is a set of standards and best practices for protecting CUI. It is used by the United States Department of Defense (DoD) and other government agencies to ensure that contractors are taking …