CMMC – What is it?

Researchers working in a lab with Controlled Unclassified Information image

The Cybersecurity Maturity Model Certification (CMMC) is a program of unified standards and frameworks of cybersecurity best practices and controls established by the United States Department of Defense (DOD) intended to protect Federal Contract Information (FCI), 48 CFR § 52.204-21 and/or Controlled Unclassified Information (CUI), Executive Order 13556, associated with DOD funded research. CMMC also has a certification component that verifies compliance with the standard.

Once this certification process is complete, DOD contracts will include certification level requirements to bid on the contract. The university is working to be Level 3 compliant to support the majority of contracts for research.

If you plan to respond to a federal government RFP or RFI and anticipate that a specific CMMC level may be involved, then you must have adequate cybersecurity measures in place to accept said contract. Please contact the Joint Research Office for Contracts (JROC) to determine if the RFP/RFI will be subject to security requirements.

Back to CMMC at WUSTL and Security of Controlled Unclassified Information (CUI) in Sponsored Research