CMMC in a changing world…

CMMC stands for Cybersecurity Maturity Model Certification. It is a certification framework developed by the U.S. Department of Defense (DoD) to assess the cybersecurity practices of contractors and subcontractors who work with the DoD. The CMMC framework consists of five levels, each with a set of practices and processes that organizations must meet in order to be certified at that level. The five levels are:

  1. Level 1: Basic Cyber Hygiene

  2. Level 2: Intermediate Cyber Hygiene

  3. Level 3: Good Cyber Hygiene

  4. Level 4: Proactive

  5. Level 5: Advanced/Progressive

The level at which an organization is certified is determined by an independent third-party assessor. Organizations must meet the requirements of all the lower levels in order to be certified at a higher level. The certification is valid for three years and must be renewed at the end of that period. Organizations that are not certified at the appropriate level will not be able to do business with the DoD.

The CMMC framework is designed to protect the sensitive information and technology of the U.S. government and its contractors and subcontractors by ensuring that they have adequate cybersecurity practices in place. It is mandatory for all contractors and subcontractors working with the Department of Defense: starting with fiscal year 2020, any organization wanting to bid on DoD contracts must comply with CMMC.