Defense contractors and the entire government contracting supply chain are facing more sophisticated cybersecurity challenges, made increasingly complicated by the continued threat of third-party breaches of controlled unclassified information (CUI). In response to the increased need for security measures, the Department of Defense (DOD) released the Cybersecurity Maturity Model Certification (CMMC) to enhance and enforce the information security expectations that its prime contractors and subcontractors in the defense industrial base (DIB) are contractually required to maintain in order to protect CUI.
In an attempt to improve the effectiveness of the supply chain's cybersecurity posture, as well as enforce standard cybersecurity hygiene principles and practices throughout the DIB, the DOD released the CMMC 2.0 framework on Nov. 4, 2021. The framework defines a tiered approach to certifying the cybersecurity posture of all organizations that provide goods and services to the DOD, regardless of the amount of confidential data (e.g., CUI) they handle. Approximately 350,000 contractors and subcontractors within the DIB will be required to demonstrate compliance with the CMMC framework to continue working on or seeking out new DOD contracts.