The Cybersecurity Maturity Model Certification (CMMC) seeks to help secure the Defense Industrial Base (DIB) supply chain by requiring contractors and subcontractors to standardize their security controls. With CMMC 2.0, the Office of the Under Secretary of the Defense Acquisition and Sustainment (OUSD(A&S)) designated National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 as the foundation of the framework.

Adoption of Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS) applications means navigating the Shared Responsibility Model. Under the Shared Responsibility Model, the cloud services provider takes care of the infrastructure’s security, but you need to secure what happens within that environment. According to the State of Cloud Native Security Report, 50% of companies surveyed reported that maintaining comprehensive security remained a challenge.