Cybersecurity Maturity Model Certification (CMMC) is an evolving body of security controls which essentially states that Government data on contractor networks must be protected with the same security as were the data on the Government’s own network.
CMMC is based on NIST SP 800-171, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations”. NIST 800-171 defines 130 security controls as a singe security group which provides the baseline security for contractors. However, CMMC goes farther, it employs 176 security and process controls spread across five levels