CMMC (US DoD Cybersecurity Maturity Model Certification)

CMMC — Cybersecurity Maturity Model Certification — is the United States Department of Defense framework requiring contractors and subcontractors handling Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) to demonstrate specified levels of cybersecurity practices. CMMC 2.0, codified at 32 CFR Part 170 (effective December 2024), aligns directly with NIST SP 800-171 and SP 800-172 and is being phased into DoD contracts via DFARS 252.204-7021.

Scope

CMMC defines three certification levels: Level 1 (Foundational: 17 self-assessed practices), Level 2 (Advanced: the 110 NIST SP 800-171 practices, third-party assessed where CUI is handled), and Level 3 (Expert: NIST SP 800-172 enhanced controls, assessed by the DoD's DIBCAC). For aerospace and defense PLM (product lifecycle management) tenants, this affects access control, encryption at rest and in transit, audit logging, supply-chain controls, and incident response in the systems that host controlled engineering data.

Steward

US Department of Defense, DoD CIO and the Cyber Accreditation Body (Cyber AB).