Managed CMMC Compliance
One common misconception is that CMMC compliance is the same thing as NIST SP 800-171. That is not entirely true, especially at the higher levels of CMMC, which include requirements from frameworks other than NIST SP 800-171.
CMMC’s ultimate aim is to ensure that defense contractors do not get hacked and lose sensitive defense information that could fall into the hands of U.S. adversaries. The White House Council of Economic Advisers estimated in 2018 that malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016.
To counter this threat, the DOD developed the CMMC, which is designed to be a “unifying standard for the implementation of cybersecurity across” the DIB (Defense Industrial Base).
The CMMC framework includes a “comprehensive and scalable certification element to verify the implementation of processes and practices associated with the achievement of a cybersecurity maturity level,” according to the DOD.
According to the Pentagon, the framework is designed to ensure that defense contractors “can adequately protect sensitive unclassified information, accounting for information flow down to subcontractors in a multi-tier supply chain.”