What Is the DOD Cybersecurity Maturity Model Certification?

In this video, get an overview of the U.S. Department of Defense’s CMMC and its organization.

On April 28, the Security Industry Association (SIA) hosted Part 1 of the 2021 SIA GovSummit, the nation’s premier government security conference connecting government, security and technology. This daylong virtual conference featured insights from experts in government, industry, academia and the nonprofit sector on the security issues that matter the most to government agencies.

In one noteworthy session, Antoinette King, key account manager at Axis Communications, provided an overview of the U.S. Department of Defense (DOD) Cybersecurity Maturity Model Certification (CMMC) and what it means for contractors and security suppliers. The DOD relies heavily on the Defense Industrial Base Sector (DIBS) companies for services that include research and development, design, production, delivery and maintenance of military weapons systems and subsystems and components and parts for those systems. These companies include domestic and foreign entities with production assets located around the world. This collaboration between the DOD and DIBS contractors entails the exchange of sensitive information that should not be shared publicly and, when aggregated, could be a matter of national security. Cyberthreats to the DOD supply chain are growing, with the estimated cost of losses resulting from successful cyberattacks to the DIBS industry approaching $600 billion annually.

Identifying how information is classified by the federal government, King’s presentation dissected the process in which controlled unclassified information (CUI) is presently protected in non-federal systems and organizations and how the proposed DOD Cybersecurity Maturity Model Certification, when fully implemented, will help to improve the protection of CUI. In this video clip from the presentation, learn about core concepts and elements of the CMMC, a five-level model that addresses the cybersecurity maturity of DOD vendors and matches processes to practices that will improve security.

Want to watch the full session? Archived video from Part 1 of SIA GovSummit is available to all who attended the virtual conference via the agenda page. Missed the conference? You can access all the videos and unlock access to SIA GovSummit Parts 2 (June 9) and 3 (Sept. 21) by registering for an All Access Pass. We hope to see you at the next virtual GovSummit event!