Protecting Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) that resides on supplier networks is an important step in reducing risk to National Security. The Department of Defense created the Cybersecurity Maturity Model Certification (CMMC) to raise the level of information security across the entire Defense Industrial Base (DIB) and better protect our nation's critical information.
Carahsoft and our partners have assembled products and services to help the defense community address the processes and practices of CMMC.
Carahsoft and our partners have assembled products and services to help the defense community address the processes and practices of CMMC. We have organized those products and services by both CMMC Capability Domain and by technology vendor. To get started, select a CMMC Domain or Technology Vendor on the left hand side.
CMMC is the cybersecurity framework used by the DOD to measure their suppliers' cybersecurity maturity and ensure protection of Controlled Unclassified Information (CUI) residing on contractor networks. CMMC organizes cybersecurity processes and best practices into a set of 14 capability domains across 3 maturity tiers. The 3 Maturity Levels of the CMMC Framework are summarized below:
Given the range of information sensitivity by contract, the maturity level required will be determined at the individual contract level. The maturity model is cumulative so that each successive level consists of the practices and processes specified in the preceding level as well as additional controls.
Within the 3 maturity levels of CMMC, the 14 capability domains are derived from the basic safeguarding requirements in FAR Clause 52.204-21, NIST Special Publication 800-171, and NIST Special Publication 800-172. Each domain is comprised of a set of controls that designate a range of cybersecurity and mitigation activities.
The CMMC framework includes an assessment requirement that verifies the execution of the practices by maturity level and standardizes implementation across the DIB. CMMC assessments are carried out through one of three methods depending on maturity level: self-assessment, third party assessment by CMMC Accreditation Body (CMMC-AB) certified assessor, or government assessment.
For more information on CMMC or how to get started on assessing your CMMC needs, please reach out to CMMC@carahsoft.com and a Carahsoft representative will assist you.
November 30th, 2022
Supply chain attacks can be devestating, but organizations are working to secure their supply chain and data, and creating a backup plan to avoid disaster.
November 10th, 2022
Discover how DFARS interacts with CMMC 2.0 to protect controlled unclassifed information (CUI) and impacts your organization's cybersecurity methodology.
January 11th, 2022
CMMC, a unified standard that will measure and certify cybersecurity requirements in organizations working with the DoD, continues to evolve.
January 29th, 2021
Okta's Chris Niggel talks the importance of choosing the right security solutions, keeping users engaged and where agencies will focus their efforts in the future.
January 8th, 2021
Read the latest insights on Law Enforcement from Government Cloud thought leaders and additional research from GovTech on the Carahsoft Community Blog.
October 16th, 2020
Read the latest insights from cyber intelligence thought leaders and additional government perspectives on the Carahsoft Community Blog.
October 8th, 2020
Read the latest insights from Government Cybersecurity thought leaders and additional research from GovTech on the Carahsoft Community Blog.
August 28th, 2020
Read the latest insights from these Government Cloud Security thought leaders and additional industry research from FCW on the Carahsoft Community Blog.
May 13th, 2020
Read the latest insights from Government Supply Chain thought leaders and additional government interviews on Carahsoft's Community Blog.
Hosted By: Zscaler, Steel Root & Carahsoft
December 13, 2022
1:00 PM ET
Organizations of all sizes in the Defense Industrial Base (DIB) are preparing to comply with the Cybersecurity Maturity Model Certification (CMMC) 2.0. Mobile device security is a critical topic of discussion among those in the DIB who are assessing and strategizing how to address existing endpoint security. In particular, there are specific requirements around incorporating mobile device usage restrictions, scanning a device for software updates and patches, and conducting operating system (OS) integrity checks within their current cybersecurity mix.
Download this technology brief to better understand CMMC 2.0 so you can implement standards more quickly and efficiently.
March 16, 2021
Carahsoft Technology Corp., The Trusted Government IT Solutions Provider®, today announced that it has been named the 2020 Distributor of the Year by Gigamon, the global leader in visibility and analytics for the hybrid cloud.
March 04, 2021
Carahsoft Technology Corp., The Trusted Government IT Solutions Provider®, today announced that it has been named the 2020 Global Distributor of the Year by FireEye.