← Back to all briefings
Governance 5 min read Published Updated Credibility 40/100

Governance Briefing — DoD releases CMMC Version 1.0 for defense contractors

On 31 January 2020 the U.S. Department of Defense published Cybersecurity Maturity Model Certification (CMMC) Version 1.0, setting a five-tier certification path that contractors must meet to handle controlled unclassified information.

Zeph Tech Research Lead

Research lead, Zeph Tech

Single-point timeline showing the publication date sized by credibility score.
Publication date and credibility emphasis for this briefing. Source data (JSON)

The U.S. Department of Defense released the Cybersecurity Maturity Model Certification (CMMC) Version 1.0 on 31 January 2020. The framework consolidates NIST SP 800-171 controls with additional practices across five maturity levels, requiring third-party certification for defense industrial base contractors that handle Controlled Unclassified Information (CUI) or Federal Contract Information.

Program managers and supply-chain leads should map existing security controls to the CMMC practices, identify required level targets by contract type, and prepare for third-party assessments that become gating requirements in defense solicitations.

Single-point timeline showing the publication date sized by credibility score.
Publication date and credibility emphasis for this briefing. Source data (JSON)

Related briefings

Curated signals from the same pillar or overlapping topics.

Continue in the Governance pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

  • CMMC
  • CUI
  • third-party risk
  • defense procurement
Back to curated briefings