Governance Briefing — DoD releases CMMC Version 1.0 for defense contractors
On 31 January 2020 the U.S. Department of Defense published Cybersecurity Maturity Model Certification (CMMC) Version 1.0, setting a five-tier certification path that contractors must meet to handle controlled unclassified information.
The U.S. Department of Defense released the Cybersecurity Maturity Model Certification (CMMC) Version 1.0 on 31 January 2020. The framework consolidates NIST SP 800-171 controls with additional practices across five maturity levels, requiring third-party certification for defense industrial base contractors that handle Controlled Unclassified Information (CUI) or Federal Contract Information.
Program managers and supply-chain leads should map existing security controls to the CMMC practices, identify required level targets by contract type, and prepare for third-party assessments that become gating requirements in defense solicitations.