cancel
Showing results for 
Search instead for 
Did you mean: 
No ratings
GloriaHigley
Archer Employee
Archer Employee

The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) has developed the Cybersecurity Maturity Model Certification (CMMC) framework in concert with U.S. Department of Defense (DoD) stakeholders, University Affiliated Research Centers (UARCs), Federally Funded Research and Development Centers (FFRDCs), and the Defense Industrial Base (DIB) sector. 

This document focuses on the CMMC model which measures cybersecurity maturity with five levels and aligns a set of processes and practices with the type and sensitivity of information to be protected and the associated range of threats. The model consists of maturity processes and cybersecurity best practices from multiple cybersecurity standards, frameworks, and other references, as well as inputs from the broader community.

The CMMC framework adds a certification element to verify the implementation or possesses and practices associated with the achievement of a cybersecurity maturity level. CMMC is designed to provided increased assurance to the DoD that a DIB contractor can adequately protect Controlled Unclassified Information (CUI) at a level commensurate with the risk, accounting for information flow down to tits subcontractors in a multi-tier supply chain.

Languages

This content is available in English only.

Mappings

Mappings for the Cybersecurity Maturity Model Certification Framework (CMMC) Authoritative Source Content to the Archer Control Standard Library are available in the authoritative source content pack.

Content Source

The source of this content comes from the Office of the Under Secretary of Defense for Acquisition & Sustainment Cybersecurity Maturity Model Certification website.

Licensing Restrictions

The Cybersecurity Maturity Model Certification Framework (CMMC) authoritative source content is available with the use of the Archer Policy Program Management use case, the Archer IT Policy Program Management use case, and/or the Archer Assessment & Authorization use case. No additional license is required.

For More Information

To learn more about the Cybersecurity Maturity Model Certification Framework (CMMC) Authoritative Source Content:

For Additional Support

To learn more about this content, please contact your Account Rep for additional details. For technical support questions, please open a support case.

Was this article helpful? Yes No
Version history
Last update:
‎2021-08-19 05:07 PM
Updated by:
Contributors