The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) recognizes that security is foundational to acquisition and should not be traded along with cost, schedule, and performance moving forward. The department is committed to working with the Defense Industrial Base (DIB) sector to enhance the protection of controlled unclassified information (CUI) within the supply chain.
OUSD(A&S) is working with Department of Defense stakeholders, university-affiliated research centers (UARCs), federally funded research and development centers (FFRDCs), and industry to develop the Cybersecurity Maturity Model Certification (CMMC). The CMMC will review and combine cybersecurity standards and best practices and map these controls and processes across several maturity levels that range from basic to advanced cyber hygiene. For a given CMMC level, the associated controls and processes, when implemented, will reduce risk against a specific set of cyber threats.