CMMC is a DoD framework to verify that companies in the Defense Industrial Base have implemented appropriate cybersecurity controls to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) from unauthorized disclosure.

FCI is non-public government contract information protected under CMMC Level 1.

CUI is more sensitive unclassified information requiring enhanced protections under CMMC Levels 2 and 3.

Loss of contract eligibility; termination of current DoD work; financial penalties; reputational damage.