1. Home
  2. CMMC
  3. Cybersecurity Maturity Model Certification (CMMC)
Searching...

Cybersecurity Maturity Model Certification (CMMC)

Contents

Cybersecurity Maturity Model Certification (CMMC) 2.0 is a revised cybersecurity framework that evaluates and enforces the effective implementation of security controls defined in NIST SP 800-171 by any organization in the DoD supply chain.

NIST SP 800-171 is the current security standard mandated by the DoD for protecting Controlled Unclassified Information (CUI) in non federal information systems and originations, and serves as the foundation for CMMC 2.0 compliance.

CMMC Product Suite

Exostar’s Managed Microsoft 365
Secure CUI Storage & Collaboration Solution
Exostar’s Managed Microsoft 365 is a fully managed cloud service and CUI storage and collaboration tool with robust cybersecurity features to support CMMC certification. EMM365 provides a secure Microsoft Teams environment for CMMC compliance and secure collaboration.
Exostar’s Managed Secure Desktop
Exostar’s Managed Secure Desktop allows customer to access a certified desktop that allows access to CUI with multiple suppliers in a consistent manner and keep track of all documentation between them, while remaining compliant with CMMC 2.0 level 2 / NIST SP 800-171 and US Export Control (ITAR, EAR, etc).
Certification Assistant
Self-Assessment, SPRS, SSP, POA&M Solution
Certification Assistant streamlines CMMC/NIST SP 800-171 self-assessments, calculates SPRS scores, and generates SSPs and POA&Ms for compliance. This tool allows you to take control of your NIST/CMMC self-assessment.
PolicyPro
NIST/CMMC Policy Solution
Simplify policy creation and maintenance with Exostar’s PolicyPro.
PolicyPro provides policy management and optimization for NIST SP 800-171 & CMMC compliance.
Choose from a comprehensive template library to build compliant NIST SP 800-171/CMMC policies or use the AI-powered engine to refine your existing documentation, ensuring your policies meet both current and future compliance requirements.

CMMC Webinars

Want to learn more about Cybersecurity Maturity Model Certification (CMMC)?

You can register for any of our upcoming CMC workshops here: CMMC Webinars

CMMC Accepted Credentials

The following credentials are accepted with any of the CMMC bundle products listed above. In order to access any CMMC application, at a minimum you will need to have a Managed Access Gateway account and purchase a Phone (SMS) One-Time Password (OTP) without Proofing.

Accepted Credentials:
– Phone (SMS) One-Time Password (OTP) with or without Proofing
– Hardware One-Time Password (OTP) Token
– FIDO2 Passkey
– Exostar Mobile ID
– MLOA Software Certificates
– MLOA Hardware Certificates

CMMC FAQs

What is Cybersecurity Maturity Model Certification (CMMC)?
CMMC is the current standard mandated by the Department of Defense’s (DoD) program to make sure all contractors meet specific cybersecurity standards. Think of it as the DoD’s “cybersecurity report card”; you must pass to keep or win contracts.
What is Controlled Unclassified Information (CUI)?
CUI is sensitive government information that isn’t classified but still must be protected.
Examples: technical drawings, purchase orders, or supplier data related to defense projects.
If leaked, it could still harm national security or military readiness.
What is NIST SP 800-171?
Is a set of 110 security requirements published by the National Institute of Standards and Technology (NIST).
These are the “rules of the road” for protecting CUI, and CMMC is built on them.
What is DFARS (Defense Federal Acquisition Regulation Supplement)?
DFARS Clauses (Defense Federal Acquisition Regulation Supplement):

Contract rules from the DoD that require contractors to follow specific cybersecurity standards:
252.204-7012 → Protects CUI + requires reporting cyber incidents
252.204-7019 → Requires a self-assessment of NIST 800-171
252.204-7020 → Requires you to post your score in the government’s SPRS system
252.204-7021 → Requires CMMC certification at the time of award
Together, these clauses make cybersecurity and CMMC a mandatory condition for doing business with the DoD.

Updated on May 13, 2026
Tagged:
Was this article helpful?
Yes No
Need Support?
Can’t find the answer you’re looking for? Don’t worry we’re here to help!
Contact Support
We will have adjusted support hours on Monday, May 25th, 2026 in observance of Memorial Day. Our phone support will be available from 6:00 AM to 5:00 PM EST. Chat and video proofing support will be closed during this time. We will return to standard business hours the following business day. Thank you for your patience and understanding!
This is default text for notification bar
Learn more