Skip to main content

Department of Defense: Cybersecurity Maturity Model Certification (CMMC) Program

Skip to Highlights

Highlights

GAO reviewed Department of Defense's (DoD) new rule entitled "Cybersecurity Maturity Model Certification (CMMC) Program." GAO found that this rule establishes the Cybersecurity Maturity Model Certification (CMMC) Program in order to verify contractors have implemented required security measures necessary to safeguard Federal Contract Information and Controlled Unclassified Information.

Enclosed is our assessment of DoD's compliance with the procedural steps required by section 801(a)(1)(B)(i) through (iv) of title 5 with respect to the rule. If you have any questions about this report or wish to contact GAO officials responsible for the evaluation work relating to the subject matter of the rule, please contact Charlie McKiver, Assistant General Counsel, at (202) 512-5992.

View Decision

Downloads

GAO Contacts

Shirley A. Jones
Managing Associate General Counsel
Office of the General Counsel

Media Inquiries

Sarah Kaczmarek
Managing Director
Office of Public Affairs

Public Inquiries