Cybersecurity Maturity Model Certification (CMMC) Version 0.6 Arrives

Cybersecurity Maturity Model Certification

One step closer to a unified cybersecurity accreditation for defense contractors.


The Cybersecurity Maturity Model Certification (CMMC) Draft Version 0.6 is live and available here.

Draft version 0.6 includes CMMC Levels 1 – 3. Of note, “CMMC Levels 4-5 are not included in this release because public comments are still being addressed.”  The updates to CMMC Levels 4 – 5 are expected to be provided in the next public release.

This draft is one step closer to the final version — CMMC 1.0.

The CMMC will be a new contractual requirement for all DoD contractors.  The new certification requirement is intended to push defense contractors to strengthen their cybersecurity programs and standards. It will not be a self-attestation model, but rather a third-party certification and compliance model.

More in-depth analysis will follow!


Draft version 0.4 was released for public comment in September 2019.

Draft Version 0.6 was released on Friday, November 8, 2019.

According to the CMMC website, “Version 1.0 of the CMMC framework will be available in January 2020 to support training requirements. In June 2020, industry should begin to see the CMMC requirements as part of Requests for Information.”

More Information

For more information on the Cybersecurity Maturity Model Certification program and the upcoming November 19, 2019 CMMC Accreditation Body Kickoff Meeting in Arlington, Virginia, visit the CMMC website.

To join us at our November 25, 2019 webinar on the CMMC, register here.

The author, Colleen H. Johnson, JD, is a senior legal analyst at Sera-Brynn, a Virginia-based cyber risk management firm.