Cybersecurity Maturity Model Certification (CMMC)

The U.S. Department of Defense (DoD) has created the Cybersecurity Maturity Model Certification (CMMC), a program designed to verify that organizations within the Defense Industrial Base (DIB) have sufficient safeguards in place to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). CMMC certification will become a mandatory requirement for all entities, including academic institutions, seeking to do business and/or enter into a contract with the DoD. Any existing contracts with the DoD established prior to the implementation of CMMC will not be affected.

CMMC 2.0 is the current version of this program, consisting of three maturity levels, each with a specific assessment type, as depicted below. DoD contracts will specify the level of certification contractors must possess to bid on and be awarded contract(s).

Recently, CMMC 2.0 was published in the Federal Register and is continuing through the final phases of the rulemaking process. Until the rule is finalized, the information on this page is subject to change.

CMMC Model 2.0 Levels

FAQs

    What level of CMMC Certification is needed?

    What is a "C3PAO"?

    How does it affect Drexel?

Additional Resources

CMMC:

Other resources:

Contact informationsecurity@drexel.edu if you have any questions.