
CMMC (Cybersecurity Maturity Model Certification)

Definition

A United States Department of Defense framework that certifies defence contractors at one of five tiers of cybersecurity capability. Each tier requires the practices of lower tiers plus additional controls. The required tier is specified in the contract and must be achieved before bid award.

Related terms

Audit programme maturity
The degree to which an organisation's audit activities are systematically planned, resourced, executed, measured, and improved. Maturity is usually described on a...
Enterprise risk management (ERM) integration
The practice of aligning audit planning with the organisation's ERM risk register so that audit coverage tracks actual risk. When the risk...
Lessons-learned review
A structured post-cycle review that identifies what worked, what failed, and what should change in the next audit cycle. The output is...
Mean time to close (MTTC)
The average elapsed time between the date a finding is formally reported and the date remediation is verified as complete. MTTC is...
Repeat finding rate
The percentage of findings in the current audit cycle that were also identified in the prior cycle. A high repeat finding rate...
