Draft Version V 0.4 of the Cybersecurity Maturity Model Certification (CMMC)

The CMMC has been in development for several months in a collaborative effort with Johns Hopkins University Applied Physics Laboratory, Carnegie Mellon University Software Engineering Institute, Defense Industrial Base Sector Coordinating Council (DIB SCC), Office of Small Business Programs, as well as many others.

The CMMC effort has had a great deal of support from our industry associations such as the National Defense Industrial Association (NDIA), the Aerospace Industries Association (AIA), and the Professional Services Council (PSC) in getting the CMMC information out to the Department of Defense supply chain. We appreciate all of these efforts to secure our collective national defense.

This team has worked with the previously mentioned stakeholders to establish a robust process of collaboration to develop Draft CMMC v0.4.

The Draft CMMC v0.4 is the midpoint of development and we are requesting feedback.

The CMMC model will continue to be improved over the next several months with the collaboration of all the stakeholders with the finalization of v1.0 in January 2020.

We welcome your inputs and expect numerous comments and feedback from all stakeholders. We will take these comments into consideration as we move forward on future releases. Please understand that we may not directly address your questions and concerns with an individual written response.

We anticipate providing Draft CMMC Model v0.6 for public review in November 2019.

Please populate the comment matrix and email no later than September 25th, 2019, by 5:00pm EDT, to osd.pentagon.ousd-a-s.mbx.cmmc@mail.mil

The documents below include an overview briefing, the draft model, and a comment matrix.

LEARN MORE at https://www.acq.osd.mil/cmmc/draft.html