ABOUT CMMC

The theft of intellectual property and sensitive information from all industrial sectors due to malicious cyber activity threatens economic security and national security. The Center for Strategic and International Studies estimates that the total global cost of cybercrime was a high as $600 billion in 2017. Malicious cyber actors have targeted, and continue to target the Defense Industrial Base sector and the supply chain of the Department of Defense. The aggregate loss of intellectual property and certain unclassified information from the DoD supply chain can undercut U.S. technical advantages and innovation as well as significantly increase risk to national security.
To enhance the protection of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI), the Under Secretary of defense for Acquisition and Sustainment has developed the Cybersecurity Maturity Model Certification (CMMC) framework. The model consists of maturity processes and cybersecurity best practices from multiple cybersecurity standards, frameworks and other references, as well as inputs from the broader community. The model encompasses the basic safeguarding requirement for FCI specified in FAR Clause 52.204-21 and the security requirements forCUI specified in NIST  SP 800-171 per DFARS Clause 252.204-7012. The CMMC framework adds a certification element to verify the implementation of processes and practices associated with the achievement of a cybersecurity maturity level, and measures cybersecurity maturity with five levels.
To assist North Carolina defense contractors understand and implement CMMC, multiple organizations with ties to the defense industry have established the NC Cybersecurity Interagency Coordinating Committee. The goals of the committee are to provide defense contractors with 1) up to date and accurate information about CMMC and the certification process; 2) effective tools they can use to assess their current level of compliance; and 3) access to reputable companies that can help them fill their compliance gaps and assist with certification preparation.

If you are, or plan to be in the Department of Defense supply chain, you must comply with cybersecurity regulations. To help North Carolina defense contractors understand and implement cybersecurity regulations, multiple State entities and organizations that support the defense industry have established the NC Interagency Cybersecurity Coordinating Committee (I3C). The goals of the committee are to provide defense contractors with 1) up to date and accurate information about cybersecurity regulations and requirements; 2) effective tools they can use to assess their current level of compliance in preparation for DoD certification; and 3) access to reputable companies, institutions and other resources to help them bridge their assessment, compliance, workforce and technical gaps to cybersecurity compliance. 

CyberNC.us is managed by the North Carolina Military Business Center through the North Carolina Interagency Cybersecurity Coordinating Committee (I3C).
Support provided by Fayetteville Technical Community College and NC State University's Secure Computing Institute.

The NCMBC and the I3C are not representatives of the DoD or the CMMC Accreditation body. This website is meant to be a community resource for cybersecurity compliance information.

Copyright 2020, North Carolina Military Business Center.  All Rights Reserved.