CMMC Program… what you need to know
November 19, 2021


As many of us know, cybercrime and data breaches are at an all-time high and have not shown any signs of slowing down. These attacks are a burden for any organization and the cost of coming back from one can be detrimental. The Department of Defense recently announced a new framework that will soon provide a solution for many service companies. The Cybersecurity Maturity Model Certification (CMMC) is a new program that is made up of a comprehensive framework to protect the defense industrial base (DIB) from increasingly frequent and complex cyberattacks. The CMMC program is designed to enforce consistent cybersecurity practices across the hundreds of thousands of defense contractors that participate in and make up the DIB.
What is CCMC?
CMMC stands for “Cybersecurity Maturity Model Certification.” This program will measure defense contractors’ capabilities, readiness, and sophistication when it comes to cybersecurity. The framework for this program is essentially a collection of processes, frameworks, and inputs from existing cybersecurity standards such as NIST. The CMMC encompasses multiple maturity levels ranging from basic to progressive. Each level becomes more demanding the more progressive it gets. The CMMC levels are defined as follows: Level 1 – safeguard Federal Contract Information (FCI), Level 2 – transition to protect Controlled Unclassified Information (CUI), Level 3 – protect CUI, and Levels 4 and 5 – protect CUI and reduce risk of Advanced Persistent Threats (APTs). Visit the CMMC website to learn more about each of these levels.
Why is CMMC being implemented?
The Department of Defense is transitioning to the new CMMC framework to protect against the theft of sensitive information and intellectual property. This framework will provide best cybersecurity practices across the entire supply chain base.
Who needs to be CMMC certified?
The DoD estimate there are over 300,000 organizations within the supply chain, small businesses, commercial item contractors and foreign suppliers that will require assessment and certification to one of the five CMMC levels. This includes prime contractors, subcontractors, and generally all organizations that sell or service the DoD.
How does my organization get certified?
DoD created the CMMC Advisory Board (CMMC-AB) to be an independent organization that is responsible for administering the CMMC certification process for C3PAO, assessors, and DIB entities. C3PAO assessors will assess organizations using the CMMC levels as criteria. As a Lightedge client, you receive full access to our compliance certifications, including CMMC.
Is Lightedge certified?
Lightedge is currently being assessed by an independent third party. Once the CMMC assessment is completed, the implementation process will begin. Lightedge predicts it will fully adopt the CMMC model in 2022. Click here to get started with our highly trained compliance and security experts today.