Question 1

What is the purpose of CMMC?

Accepted Answer

CMMC is a DoD framework to verify that companies in the Defense Industrial Base have implemented appropriate cybersecurity controls to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) from unauthorized disclosure.

Question 2

What are FCI and CUI?

Accepted Answer

FCI is non-public government contract information protected under CMMC Level 1.

CUI is more sensitive unclassified information requiring enhanced protections under CMMC Levels 2 and 3.

Question 3

What are the risks of non-compliance?

Accepted Answer

Loss of contract eligibility; termination of current DoD work; financial penalties; reputational damage.

CMMC FAQ