When is CMMC required?

When is CMMC required?

The Cybersecurity Maturity Model Certification (CMMC) is required for contractors and subcontractors working with the US Department of Defense (DoD) on contracts that involve handling Controlled Unclassified Information (CUI) or Federal Contract Information (FCI).

CMMC applies primarily to the Defense Industrial Base (DIB), companies in the DoD supply chain that store, process and/or transmit CUI. Note - based on scoping, CMMC controls apply to assets that provide security protections for these in-scope assets.

The DoD is progressively integrating CMMC requirements into contract solicitations. Contractors must plan for CMMC early by conducting gap assessments, remediating deficiencies and undergoing third-party assessments. ComplianceForge offers editable CMMC policy templates to assist organizations in preparing for CMMC certification.

Governance Risk & Compliance (GRC) Content

Secure Controls Framework (SCF)

NIST 800-171 & CMMC - Where Do I Start?

Editable Policies & Standards Templates

Editable Procedures Templates

Cybersecurity Supply Chain Risk Management

NIST 800-171 Compliance

Risk Management

Data Protection (Privacy) & Secure Engineering

Vulnerability & Patch Management

Incident Response

PCI DSS Compliance

NIST 800-171 & CMMC Compliance

Premium GRC Content (GRC Importable)

Cybersecurity Policies, Standards & Procedures

Cybersecurity Supply Chain Risk Management

Privacy & Data Protection (GDPR, CCPA & more)

Risk Management Bundles

Subscriptions

Common Compliance Requirements

Alignment With Secure Practices

Free Guides

Cost Savings

US Federal Data Security Laws & Regulations

US State Data Security Laws & Regulations

International Data Security Laws & Regulations

SCF Licensed Content Provider (LCP)

SCF Certifications

Individual Certifications

Controlled Unclassified Information (CUI)

Why Choose ComplianceForge?

Industries Served & Client References

Multiple Company Discount

Product Comparison: DSP vs CDPP

When is CMMC required?