The Cybersecurity Maturity Model Certification (CMMC)

Safeguards for defense contractors

The Cybersecurity Maturity Model Certification (CMMC) is a certification process under development by the US Department of Defense (DoD). Once finalized by DoD, CMMC will require certain cybersecurity practices for many contractors and subcontractors doing business with the DoD. Rapid7’s solutions can help organizations prepare for and achieve CMMC compliance.

CMMC’s 110+ security practices are organized into 14 domains, with each domain representing a general category of cybersecurity control aligned with the NIST 800-171 standard. Contractors that certify at CMMC Level 1 must fulfill 17 security practices and self-assess annually, and Levels 2-3 require 110+ practices and obtain a third-party assessment at least every three years.

Below, learn more about how Rapid7’s solutions can help fulfill each CMMC domain.

CMMC Security Rule

	InsightVM & Managed VM	InsightIDR & MDR	InsightAppSec & Managed AppSec	InsightCloudSec	Metasploit	Consulting Services

Rapid7 CMMC Brief

If you seek DoD or DHS contracts, you may be required to demonstrate sound cybersecurity practices and processes through CMMC. Rapid7 can explain what’s required, and our solutions can help your company achieve and maintain compliance.

Go to Brief