What is CMMC certification

The Cybersecurity Maturity Model Certification (CMMC) is a program developed by the U.S. Department of Defense (DoD) to ensure that Defense Industrial Base (DIB) contractors meet certain cybersecurity requirements. The CMMC framework includes a comprehensive and scalable certification element to verify the implementation of processes and practices associated with the achievement of a cybersecurity maturity level. The CMMC model has five levels, and each level consists of its own practices and processes as well as those specified in the lower levels. The CMMC levels are as follows:

  • CMMC level 1: Safeguard federal contract information
  • CMMC level 2: Serve as a transition step in cybersecurity maturity progression to protecting controlled unclassified information
  • CMMC level 3: Protect controlled unclassified information (CUI)
  • CMMC levels 4-5: Protect CUI and reduce the risk of advanced persistent threats

The CMMC program is aligned with DoD's information security requirements for DIB partners and is designed to enforce protection of sensitive unclassified information that the Department shares with its contractors and subcontractors. The CMMC 2.0 program is the next iteration of the Department's CMMC cybersecurity model; it streamlines requirements to three levels of cybersecurity and aligns the requirements at each level with well-known and widely accepted NIST cybersecurity standards. The CMMC 2.0 program has three key features: a comparison between CMMC Model 1.0 and the planned CMMC Model 2.0, a comprehensive cost analysis associated with each level of CMMC 2.0, and the implementation of several key changes. Contractors must achieve certification before they can win future government contracts, and the costs depend on several factors, such as the target CMMC level.
