The Cybersecurity Maturity Model Certification (CMMC) 1.0 for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB entities and the Department of Defense. CMMC requires that DIB organizations complete an assessment of all CMMC practices at a particular level and become certified by a CMMC third-party assessment organization. When fully implemented, CMMC will require all DIB companies to achieve certification at one of the five CMMC levels, which includes both technical security practices and maturity processes. In this SEI podcast, Andrew Hoover and Katie Stewart, architects of the CMMC model and researchers at Carnegie Mellon University's Software Engineering Institute, discuss the Level 3 Assessment Guide for the CMMC and how it differs from the Level 1 Assessment Guide.
Agile Acquisition
An Architecture-Focused Measurement Framework for Managing Technical Debt
Cloud Computing for the Battlefield
U.S. Postal Inspection Service Use of the CERT Resilience Management Model
Insights from the First CERT Resilience Management Model Users Group
NIST Catalog of Security and Privacy Controls, Including Insider Threat
Cisco's Adoption of CERT Secure Coding Standards
How to Become a Cyber Warrior
Considering Security and Privacy in the Move to Electronic Health Records
Measuring Operational Resilience
Why Organizations Need a Secure Domain Name System
Controls for Monitoring the Security of Cloud Services
Building a Malware Analysis Capability
Using the Smart Grid Maturity Model (SGMM)
Integrated, Enterprise-Wide Risk Management: NIST 800-39 and CERT-RMM
Conducting Cyber Exercises at the National Level
Indicators and Controls for Mitigating Insider Threat
How Resilient Is My Organization?
Public-Private Partnerships: Essential for National Cyber Security
Software Assurance: A Master's Level Curriculum