A DoD framework requiring defense contractors to meet specific cybersecurity standards before handling federal contract information.
CMMC was developed by the Department of Defense to ensure that contractors in the Defense Industrial Base (DIB) protect sensitive unclassified information. The model has three levels: Level 1 (Foundational) with 17 practices, Level 2 (Advanced) aligned with NIST SP 800-171's 110 controls, and Level 3 (Expert) adding NIST SP 800-172 requirements. Starting in 2025, CMMC compliance is being phased into DoD contracts through DFARS clause 252.204-7021.
CUI
Government-created or -owned information that requires safeguarding controls per law, regulation, or government-wide policy, but is not classified.
FCI
Information not intended for public release that is provided by or generated for the government under a contract to develop or deliver a product or service.
NIST SP 800-171
The NIST standard specifying 110 security requirements for protecting CUI in non-federal systems. Forms the basis of CMMC Level 2 and DFARS 252.204-7012 compliance.
DFARS
DoD-specific supplement to the FAR that implements defense acquisition policies, including cybersecurity clauses like DFARS 252.204-7012 for CUI protection.
SPRS
The Supplier Performance Risk System score (-203 to 110) reflecting a contractor's self-assessed compliance with NIST SP 800-171. Required for DoD contracts involving CUI.