{"id":137,"date":"2025-06-09T21:04:19","date_gmt":"2025-06-09T21:04:19","guid":{"rendered":"https:\/\/myauditiq.com\/?page_id=137"},"modified":"2025-06-11T12:43:23","modified_gmt":"2025-06-11T12:43:23","slug":"faqs","status":"publish","type":"page","link":"https:\/\/myauditiq.com\/?page_id=137","title":{"rendered":"FAQs"},"content":{"rendered":"\n

The Cybersecurity Maturity Model Certification (CMMC) is a framework developed by the U.S. Department of Defense (DoD) to enhance the cybersecurity posture of contractors handling Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).<\/p>\n\n\n\n

<\/p>\n\n\n\n

Why Do You Need to Do CMMC?<\/strong><\/p>\n\n\n\n

    \n
  1. Required for DoD Contracts<\/strong> \u2013 Any organization that wants to bid on DoD contracts must meet the documented CMMC requirements.<\/li>\n\n\n\n
  2. Protect Sensitive Information<\/strong> \u2013 Ensure that you follow best cybersecurity practices to safeguard FCI and CUI data from cyber threats.<\/li>\n\n\n\n
  3. Competitive Advantage<\/strong> \u2013 Companies with the appropriate, and higher, CMMC certification level can access more contracts and demonstrate cybersecurity maturity to partners and customers.<\/li>\n\n\n\n
  4. Regulatory Compliance<\/strong> \u2013 CMMC aligns with existing regulations like NIST 800-171, helping you meet or exceed broader cybersecurity obligations.<\/li>\n\n\n\n
  5. Risk Reduction<\/strong> \u2013 Reduces your risk of cyber incidents that could lead to financial loss, reputational damage, or national security threats.<\/li>\n<\/ol>\n\n\n\n

    Which CMMC level is right for you?<\/strong><\/p>\n\n\n\n

    Federal Contract Information (FCI)<\/strong> is information provided by or generated for the U.S. government under a contract that is not intended for public release<\/strong>. It includes data related to contract performance but does not<\/strong> include publicly available information.<\/p>\n\n\n\n

    Why Is FCI Important?<\/strong><\/p>\n\n\n\n

      \n
    1. CMMC Compliance<\/strong> \u2013 If your company is limited to FCI, you must comply with CMMC Level 1<\/strong> security requirements.<\/li>\n\n\n\n
    2. Basic Cybersecurity Protections<\/strong> \u2013 Organizations must implement 17 basic cybersecurity practices,<\/strong> as defined by FAR 52.204-21,<\/strong> to safeguard FCI from unauthorized access.<\/li>\n\n\n\n
    3. Entry Requirement for DoD Contractors<\/strong> \u2013 If your company currently contracts with the DoD, you must secure Level One certification in 2025 to maintain existing contracts or bid on new DoD opportunities.<\/li>\n<\/ol>\n\n\n\n

      Controlled Unclassified Information (CUI)<\/strong> is government-created or owned information that requires safeguarding or dissemination controls under federal regulations but is not classified<\/strong>.<\/p>\n\n\n\n

      Why Is CUI Important?<\/strong><\/p>\n\n\n\n

        \n
      1. Regulatory Requirement<\/strong> \u2013 Organizations handling CUI must comply with security standards like NIST 800-171<\/strong> and require CMMC Level 2<\/strong>.<\/li>\n\n\n\n
      2. National Security & IP Protection<\/strong> \u2013 CUI includes sensitive data  and financial records that would potentially pose national security risks, if exposed.<\/li>\n\n\n\n
      3. DoD Contracting Requirement<\/strong> \u2013 If your company contracts with the  US DoD or is planning to do so,<\/strong>. protecting CUI is mandatory to qualify for contracts.<\/li>\n<\/ol>\n\n\n\n

        Examples of CUI<\/strong><\/p>\n\n\n\n