CMMC Resources
This page lists additional government resources on both the Cybersecurity Maturity Model Certification (CMMC) and cybersecurity more generally.
DoD CMMC Program Office
The CMMC Program aligns with the Department of Defense’s (DoD) existing information security requirements for the Defense Industrial Base (DIB). It is designed to enforce the protection of sensitive unclassified information shared by the department with its contractors and subcontractors. The program provides the DoD with increased assurance that contractors and subcontractors are meeting the cybersecurity requirements for nonfederal systems processing controlled unclassified information.
DoD CIO CMMC Frequently Asked Questions
This is the official DoD CIO CMMC FAQs page that also includes information about the most recent updates to the CMMC program.
CMMC Cyber Accreditation Body (Cyber AB) Marketplace
The Cyber AB is the official accreditation body of the CMMC ecosystem and the sole authorized nongovernmental partner of the DoD in implementing and overseeing the CMMC conformance regime. The Cyber AB also manages and maintains the CMMC Marketplace, which connects government contractors looking to achieve CMMC compliance with qualified CMMC service providers.
National Defense Information Sharing and Analysis Center (ND-ISAC)
ND-ISAC is the Information Sharing and Analysis Center for the Defense Industrial Base, offering defense sector companies, their suppliers, and related interests a community and forum for sharing cyber and physical security threat indicators, best practices, and mitigation strategies. ND-ISAC gives defense industry entities and suppliers the ability to leverage the best security data, tools, and services and the best practices available in a high-trust, collaborative industry environment. Through ND-ISAC, members share intelligence on cybersecurity and physical security, insider threats, vulnerabilities, and associated threat remediation. ND-ISAC enables members to develop and continually mature their secure enterprise. ND-ISAC serves as the national defense sector’s principal focal point for all hazards to the sector.
NSA Cybersecurity Collaboration Center (CCC)
The National Security Agency (NSA) CCC is how NSA scales intel-driven cybersecurity through open, collaborative partnerships. The CCC works with industry, interagency, and international partners to harden the U.S. Defense Industrial Base, operationalize NSA’s unique insights on nation-state cyber threats, jointly create mitigations guidance for emerging activity and chronic cybersecurity challenges, and secure emerging technologies.
DoD-Defense Industrial Base (DIB) Collaborative Information Sharing Environment (DCISE)
DCISE, the operational hub of DoD’s DIB Cybersecurity Program, safeguards intellectual property and DoD content on unclassified contractor networks. It facilitates public–private cyber threat information sharing and offers no-cost Cybersecurity-as-a-Service capabilities as well as collaboration events with government/industry. DC3 DCISE provides threat analysis, mitigation strategies, best practices, and exchanges for DIB participants of all sizes.
CISA Free Cybersecurity Services and Tools
CISA has curated a database of free cybersecurity services and tools as part of its continuing mission to reduce cybersecurity risk across U.S. critical infrastructure partners and state, local, tribal, and territorial governments.
Additional Resources
Regulations
- Existing regulations
- CMMC regulations
- 32 CFR Part 170
- DFARS clause 252.204-7021 (pending revision)
Cyber Incident Reporting
- Cyber incident reporting website (required by DFARS 252.204-7012)
Cybersecurity Requirements and Assessment Guides
CMMC Level 1
- Requirements: FAR 52.204-21
- NIST Assessment Guide: NIST SP 800-171 Rev. 2: Assessing Security Requirements for Controlled Unclassified Information*
- CMMC Scoping Guide, Level 1
- CMMC Assessment Guide, Level 1
CMMC Level 2
- Requirements: NIST SP 800-171 Rev. 2: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations*
- NIST Assessment Guide: NIST SP 800-171 Rev. 2: Assessing Security Requirements for Controlled Unclassified Information*
- CMMC Assessment and Scoping Guides (supplemental to NIST’s)
CMMC Level 3
- Requirements: defined in the CMMC rule (see the CMMC final rule under CMMC resources)
- CMMC Assessment and Scoping Guides (supplemental to NIST’s)
*The National Institute of Standards and Technology (NIST) has “withdrawn” its Rev. 2 special publications. However, in accordance with the Defense Pricing and Contracts Class Deviation, and until further notice, DoD will continue to use the NIST SP 800-171 Rev. 2 requirements for the purpose of CMMC until the rule is revised to require NIST SP 800-171 Rev. 3.