Cybersecurity Maturity Model Certification (CMMC) is starting to become the talk of the town. It’s a program established by the US Department of Defense (DoD) intended to improve security by requiring certification of external contractors.

CMMC is the DoD’s response to significant compromises of sensitive defense information located on contractors’ information systems. In the past, contractors have been responsible for implementing, monitoring and self-assessing the security of their IT systems and any sensitive DoD information that was stored on or transmitted by those systems. With more than 300,000 contractors, and the fact that the defense industrial base (DIB) is under constant threat of cyber warfare, you can understand why this program is necessary. It is a matter of national security, especially post SolarWinds.

So, understanding the ‘why’ is easy enough; understanding the ‘what’ can be a little more difficult. The CMMC framework consists of multiple domains, maturity levels, and practice areas, and it can be overwhelming to figure out what all of this means and where to start.

I think it’s best to begin by looking at the different components that make up the CMMC framework:


There are 17 different domains in the CMMC framework. Each domain is essentially a category or grouping of security practices. Most of them have been pulled from recognized standards such as the Federal Information Processing Standards (FIPS) and publications of the National Institute of Standards and Technology (NIST).