CMMC Resources

• CMMC Accreditation Body The CMMC AB provides information and sets requirements for prospective C3PAOs and individual assessors. Prospective C3PAOs and assessors should reference the CMMC AB website.
• The Office of the Under Secretary of Defense for Acquisition and Sustainment CMMC The Office of the Undersecretary of Defense for Acquisition and Sustainment (OUSD(A&S)) envisions CMMC to be a unified cybersecurity standard for DoD acquisitions to reduce exfiltration of Controlled Unclassified Information (CUI) from the Defense Industrial Base (DIB).

• Accelerating CMMC Compliance for Microsoft Cloud This Microsoft Tech Community Public Sector Blog post offers an in-depth insight to the Defense Industrial Base (DIB) on newly-established Cybersecurity Maturity Model Certification (CMMC) from the U.S. Department of Defense (DoD).
• CMMC Level 1 Assessment Guide This document provides assessment guidance for Level 1 of the Cybersecurity Maturity Model Certification (CMMC).
• CMMC Level 3 Assessment Guide This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 3 and Level 2.
• Exostar – CMMC Certification Assistant Certification Assistant streamlines the implementation of practices and processes necessary for accurate self-assessment and evidence collection while paving the way to CMMC-certification success.
• Exostar Cybersecurity Maturity Model Information Exostar CMMC information site provides timelines, FAQs, and updates on development of the CMMC.

• An Introduction to CMMC Assessment Guide DECEMBER 2020 – In this SEI Podcast, Andrew Hoover and Katie Stewart, architects of the CMMC model, discuss the CMMC assessment guides, how they were developed, and how they can be used.
• An Introduction to the Cybersecurity Maturity Model Certification (CMMC) MARCH 30, 2020 – CMMC Model Structure and Development 
• Beyond NIST SP 800-171: 20 Additional Practices in CMMC JUNE 22, 2020 – Twenty additional practices within CMMC that make DoD more security conscious.
• CMMC Scoring 101 SEPTEMBER 2020 – Andrew Hoover and Katie Stewart, architects of the Cybersecurity Maturity Model Certification (CMMC), discuss how assessed DIB organizations are scored according to the model.
• Cybersecurity Maturity Model Certification (CMMC) Part 2: Process Maturity’s Role in Cybersecurity JUNE 1, 2020 – An overview of process maturity and SEI’s history with measuring process maturity 
• Developing an Effective CMMC Policy AUGUST 2020 – Andrew Hoover and Katie Stewart, architects of the Cybersecurity Maturity Model Certification (CMMC), present guidelines for developing an effective CMMC policy.
• Documenting Process for CMMC JULY 2020 – Andrew Hoover and Katie Stewart, architects of the Cybersecurity Maturity Model Certification (CMMC), discuss process documentation, a Level 2 requirement
• Follow the CUI: 4 Steps to Starting Your CMMC Assessment AUGUST 24, 2020 – Identifying critical assets and scoping for CMMC assessment.
• New SEI Podcasts Dive Deep into CMMC Assessment Guides JANURARY 2021 – A list of few SEI Podcasts that dive deep into CMMC Assessment Guides.
• Optimizing Process Maturity in CMMC Level 5 OCTOBER 2020 – Andrew Hoover and Katie Stewart, architects of the CMMC model, discuss the Level 5 process maturity requirements, which are standardizing and optimizing a documented approach for CMMC.
• Reviewing and Measuring Activities for Effectiveness in CMMC Level 4 OCTOBER 2020 – Andrew Hoover and Katie Stewart, architects of the CMMC model, discuss reviewing and communicating CMMC activities and measuring those activities for effectiveness in Level 4 of the model.
• The CMMC Level 3 Assessment Guide: A Closer Look DECEMBER 2020 – Andrew Hoover and Katie Stewart discuss the Level 3 Assessment Guide for CMMC.

• YouTube – Detailed Analysis of CMMC’s Impact on Suppliers Representatives from several primes are discussing the impact of CMMC on the supplier base. These primes include Jeffrey Dodson (BAE Systems), Christopher Page (Huntington Ingalls Industries), Mike Gordon (Lockheed Martin), and Noble Dean (L3Harris).
• YouTube – The DoD’s Cybersecurity Maturity Model Certification and Process Maturity This video is an hour long presentation conducted by Carnegie Mellon SEI to discuss the process maturity for CMMC.
• YouTube – Understanding Cybersecurity Maturity Model Certification (CMMC): How it will affect your organization and how to prepare October 24, 2019: DoD has announced CMMC as a unified cybersecurity standard to be consistently applied to all organizations across the Defense Industrial Base. CMMC certification becomes a requirement in 2020. It will greatly enhance the cybersecurity of the supply chain, but will also enforce new requirements for your organization to participate on any DoD contract. CMMC requires certification by an accredited third party and is pass/fail. Watch Ms. Arrington’s CMMC introduction.

The external user forum links below can be used to seek assistance outside of the CMMC-COE webpage. The CMMC-COE neither monitors nor moderates these communities.

• Reddit – CMMC A reddit community with information, guidance, and assistance for meeting the new DoD CMMC rating guidelines.
• Reddit – NIST Controls Discussion, Resource Sharing, News, Recommendations for Solutions A reddit community for navigating the complicated world of NIST Publications and their controls. This includes discussions, resource sharing, news, and recommendations for solutions. Collaboration on implementing and maintaining NIST SP 800-53 & NIST SP 800-171 controls.