The Cybersecurity Maturity Model Certification (CMMC) is an assessment framework and assessor certification program designed to increase the trust in measures of compliance to a variety of standards
The purpose of the CMMC is to verify that the information systems used by the contractors of the United States Department of Defense to process, transmit or store sensitive data are compliant with the mandatory information security requirements.^[4] The goal is to ensure appropriate protection of controlled unclassified information (CUI)^[5] and federal contract information (FCI) that is stored and processed by partner or vendor.  
The Cybersecurity Maturity Model Certification (CMMC) program is the Department’s program to assist Industry to meet adequate security requirements of 32 CFR Part 2002, DFARS 252.204-7012, and DoDI 5200.48 in the implementation of National Institute of Standards and Technology (NIST) SP 800-171.