CMMC, A DoD Standard for a Resilient Cyber Supply Chain

A. Pabrai
ecfirst, Inc, California, United States

Keywords: CMMC, NIST, Cybersecurity, Cyber Resilience

Decoding CMMC: Enhancing Cyber Resilience for Highly Valued Assets Controlled Unclassified Information or CUI is government created or owned information that requires safeguarding or dissemination controls consistent with applicable laws, regulations and governmentwide policies. Cybersecurity and compliance professionals know about Personal Data (PD) and Personally Identified Information (PII). CMMC is the new DoD standard for a highly resilient cyber supply chain. So why is CMMC relevant to cyber professionals? CUI is regarded as highly valued information and should be better understood by professionals. This is because certain types of unclassified information are extremely sensitive, valuable to the United States, sought after by strategic competitors and adversaries, and often have legal safeguarding requirements. In this abstract we dive deeper and look closely at the CMMC standard. This includes, • Step through CUI concepts and NIST Standards • Examining CUI Registry, Categories, and Markings • Review DoD CMMC Certification requirements • Applying the CMMC Standard to enhance organization cyber resilience