CMMI Institute


Committed to Cybersecurity Success and Resilience

ISACA-CMMI Institute is deeply committed to improving the cybersecurity capabilities of our clients and partners, including the Defense Industrial Base (DIB).  We have been working with the Department of Defense (DoD) as a member of the initial Cybersecurity Maturity Model Certification (CMMC) Stakeholder Committee and we are grateful and honored to be able to continue to contribute to the establishment and ongoing success of the CMMC ecosystem. Going forward into 2020 and beyond, we will continue to work with the DoD, the CMMC Accreditation Body (AB) and other stakeholder organizations by leveraging our deep experience and capabilities in:

Cybersecurity training and certifications for individuals, organizations and instructors

Cybersecurity training and certifications, performance-based learning for individuals, organizations and instructors

Model-based process assessments, including assessment methods and operations, quality control and assurance

Model-based process and performance assessments, including assessment methods and operations, and quality assurance

Maturity-based organizational accreditation

Maturity- and capability-based organizational accreditation and verification

Cybersecurity and process auditing and improvement

Cybersecurity process and controls auditing and performance improvement

ISACA, as a member of the Professional Services Council, (PSC) has subject matter experts currently working in cybersecurity, assessments, training, certifications, and model-based performance improvement, and they are actively engaged with the PSC CMMC Task Force. ISACA-CMMI Institute will continue to collaborate with other organizations to leverage and use ISACA-CMMI Institute’s industry-recognized cybersecurity, assessment, and training resources to make the CMMC program a successful reality in the months and years ahead.


The DoD estimates that U.S. companies are losing over $6 billion USD each year in intellectual capital to competitors due to lack of any cybersecurity or awareness. Cyber attacks are on the increase and organizations must take action to protect Controlled Unclassified Information (CUI) and improve related cybersecurity processes and controls so important to national defense.

What is DoD’s Goal?

The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) recognizes that security is foundational to acquisition and cannot be treated as a “tradeoff” option along with cost, schedule, and performance. The DoD is committed to working with the DIB to enhance the protection of CUI and cyber controls and hygiene within the supply chain using the Cybersecurity Maturity Model Certification (CMMC) framework. CMMC assessments will target, review and combine various cybersecurity standards and best practices and map these controls and processes across several maturity levels that range from basic cyber hygiene to advanced/progressive. For a given CMMC level, the associated controls and processes, when implemented, are designed to reduce risk against a specific set of cyber threats.

The CMMC effort builds upon existing regulation (DFARS 252.204-7012) that is based on a "trust yet verify" approach with respect to DoD cybersecurity requirements. The goal is for CMMC to be cost-effective and affordable for small businesses to implement at the lower CMMC levels. The intent is for certified independent 3rd party organizations to conduct CMMC assessments on DIB suppliers to improve their cybersecurity capabilities and to inform them on their risks.

Who are the Key Players?

OUSD(A&S) is working with DoD stakeholders, academia, Federally Funded Research and Development Centers (FFRDCs), and industry to develop and then implement the Cybersecurity Maturity Model Certification (CMMC) program. The CMMC Accreditation Body (AB) was established in January, 2020, and the Memorandum of Understanding (MOU) between the DoD and CMMC AB to setup and operate the CMMC program was signed in March.  The AB has established numerous working groups to get the initial aspects of the ecosystem in place in Q1 and Q2 of 2020.

Read our latest CMMC Blog Post!

Sign up to learn more

Please complete form below to let us know your level of interest in CMMC.
* denotes required field.