CMMC Program Safeguards Information in the Defense Industrial Base

On December 16, 2024, 32 CFR Part 170 established the Cybersecurity Maturity Model Certification (CMMC) Program. The milestone marked a major transition for one of the SEI’s most impactful projects.

A product of the Office of the Department of Defense (DoD) Chief Information Officer, CMMC improves security throughout the defense industrial base (DIB) supply chain against increasing and evolving cyber threats. The program defines the measures that DIB organizations must implement to safeguard Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). The DoD verifies implementation of the measures through CMMC assessments of specified cybersecurity standards.

Implementation of the CMMC Program will transform the DIB.

Frank Smith

Resilience Diagnostics Team Lead, SEI CERT Division

Since the inception of CMMC in 2019, the SEI has touched virtually every aspect of the program, from helping establish its structure based on proven cybersecurity practices, to developing certification and assessment standards, to creating training for an estimated 160,000 contracting officers, program managers, and others in the defense acquisition workforce.

“Implementation of the CMMC Program will transform the DIB,” explained the SEI’s Frank Smith, who leads the CMMC team. “CMMC protects sensitive DoD information from our adversaries. Beyond the DoD, it creates a baseline for DIB contractors to implement cybersecurity requirements according to a clear set of measures applicable across the federal space.”

For details about the CMMC Program, contact the SEI CERT Division at info@sei.cmu.edu.