The Cybersecurity Maturity Model Certification (CMMC) is a cybersecurity framework developed by the U.S. Department of Defense (DoD) to ensure that contractors and suppliers handling federal contract information (FCI) or controlled unclassified information (CUI) maintain adequate security practices. Unlike self-attested compliance models, CMMC requires third-party assessments to verify that organizations meet specific security requirements.

The framework is structured in multiple levels of maturity, ranging from foundational practices like basic cyber hygiene to advanced controls designed to protect sensitive defense information against evolving threats. CMMC aligns closely with NIST standards (such as NIST SP 800-171) and integrates them into a single, tiered model.