The Cybersecurity Maturity Model Certification (CMMC) – A pocket guide

A clear, concise primer on the CMMC (Cybersecurity Maturity Model Certification), this pocket guide:





Summarizes the CMMC and proposes useful tips for implementation
Discusses why the scheme has been created
Covers who it applies to
Highlights the requirements for achieving and maintaining compliance

---

The United States DoD (Department of Defense) is one of the largest employers in the world, with about 2.87 million employees. It spends more than a year among more than 350,000 contractors and subcontractors throughout its supply chain.



Information in the DoD network is shared digitally across the contractor and subcontractor supply chain, offering an irresistible target for nation-states and cyber criminals.



Protecting the DoD supply chain



The CMMC was developed to step up measures for protecting the DoD supply chain. Its objectives are to standardize cybersecurity controls and ensure that effective measures are in place to protect CUI (Controlled Unclassified Information) on contractor systems and networks.



All companies doing business with the DoD, including subcontractors, must become certified by an independent third-party commercial certification organization.



Your essential guide to understanding the CMMC



To help you get to grips with the CMMC, this essential pocket guide covers:





What the CMMC is and why it has been introduced
Who needs to comply with the CMMC
The implementation process
The road to certification
CMMC implications for firms doing business with the US government


Suitable for senior management and the C-suite, general or legal counsel, IT executives, IT organizations, and IT and security students, this pocket guide will give you a solid introduction to the CMMC and its requirements.



About the author



William Gamble is an international cybersecurity and privacy compliance expert. He is one of the few lawyers to hold advanced cybersecurity professional qualifications, and has an in-depth understanding of the design, management, and deployment of technology within the ISO 27001 framework. 



With more than 30 years’ experience of international regulatory practice in the U.S., EU, China, and other countries, William has had hundreds of articles published globally, written three books, and appeared on numerous radio and television programs around the world.



William is a member of the Florida Bar and several federal courts. His qualifications include Juris Doctor (JD), Master of Laws (LLM), CompTIA® A+, Network+, Security+, CASP (Advanced Security Practitioner), ISO 27001 Lead Auditor and Lead Implementer, and GDPR Practitioner (GDPR P).