The CMMC is a standard being implemented by the US Department of Defense (DoD) to protect the sensitive information it holds and systems it operates from cyber-attacks.  The CMMC programme will impact the global Defense Industrial Base (DIB) and the 300,000 companies within it including those based in the Asia-Pacific.  

Companies will be required to be assessed for their compliance to the NIST SP 800 – 171 cyber security framework, currently defined under DFARS 252.204-7012.  Whilst the requirement for safeguarding the relevant defense information is not a new one, CMMC will add a requirement for prime contractors and their subcontractors to be CMMC certified to an appropriate level of cyber maturity before they can undertake new contracts.

This website is a part of the CMMC Centre of Excellence network including the US and UK/EU. It has been created to support companies in the Asia-Pacific understand the requirements for CMMC compliance. It provides guidance and support for companies to comply with cyber security requirements outlined by the CMMC framework and the broader deployment of cyber risk management solutions to maintain cyber security and seize market opportunities.