Our nation’s defense contractors and supply chain face fierce attacks from unseen adversaries who prey on cybersecurity weaknesses. Their goal is to steal cutting edge technology and research that makes the US the world’s most formidable superpower. Vigilant measures and robust cybersecurity are needed to combat this threat.  

The Cybersecurity Maturity Model Certification (CMMC) is a framework created by the Department of Defense to significantly increase and verify the cybersecurity hygiene of our Defense Industrial Base.

The history of CMMC goes all the way back to 2010 with Executive Order 13556. The CMMC model seeks to provide a standard for the protection, storage, and transmission of controlled unclassified information”(CUI) and it was this executive order that defined what constitutes CUI and how it is defined.

CUI is defined by the Department of Defense as information that requires protection to ensure national security, safeguard proprietary information, maintain privacy, and avoid embarrassment or legal issues.

It is projected that CMMC will become law during quarter one of 2025. To ensure future contracts it is imperative that every company in the Defense Industrial Base start working on CMMC compliance now since it could take a year or longer to achieve certification.

Peter McNamee, CCP