Skip to main content
Marsh logo

Solution

Cybersecurity Maturity Model Certification Program

A streamlined solution to help organizations simultaneously pursue compliance with the federal mandate and enhance insurance coverage.
Contact us

Comprehensive

Gain a thorough understanding of compliance requirements and how to facilitate compliance with the cybersecurity standard.

Customized

Access tailored vendor selections and cyber insurance coverage designed to meet your specific needs.

Streamlined

Experience greater efficiency through an approach that integrates compliance and cyber insurance placement.

Understanding the Cybersecurity Maturity Model Certification (CMMC)

Under Department of Defense (DoD) contracts, data may be collected, created, transmitted, or received from or for the government. This includes Controlled Unclassified Information (CUI), which covers sensitive but unclassified data, and Federal Contract Information (FCI), which refers to non-public information.

Set to take effect in late 2024 and incorporated into some DoD contracts and solicitations by early to mid-2025, the Cybersecurity Maturity Model Certification (CMMC) is designed to safeguard both CUI and FCI shared between the DoD and its contractors and subcontractors.

The CMMC program establishes a framework to enforce cybersecurity requirements for systems that handle CUI and FCI, ensuring alignment with the DoD's information security standards for the defense industrial base. Under the CMMC rule, members of the defense industrial base are required to implement a varying number of cybersecurity controls depending on the type and sensitivity of the information they handle.

It is important to note that compliance with CMMC will be mandatory for all DoD contract awards, with a few limited exceptions. This makes early understanding of CMMC requirements and achieving compliance crucial for organizations looking to engage with the DoD in the near and long-term.

How can Marsh help?

Marsh has partnered with CMMC-accredited firms to create an efficient approach for defense industrial base members to understand CMMC requirements and achieve CMMC compliance. Marsh can connect clients with trusted vendors to review compliance readiness and recommend firms qualified to conduct formal assessments. This collaboration allows clients to pursue CMMC compliance, while also securing enhanced cyber insurance coverage at favorable terms, simplifying the overall process.

Click below to discover how Marsh can help your organization enhance your compliance efforts and optimize your insurance solutions.

Marsh helps clients compare and select the most suitable third-party CMMC vendors based on their unique needs and budget. Selected vendors conduct assessments to help clients determine their compliance readiness.

Clients may enjoy discounted rates on CMMC preparation consulting services and third-party assessment services, along with preferred pricing for cyber insurance coverage and terms.

By integrating CMMC compliance and cyber insurance underwriting into a single process, clients save valuable time and effort. CMMC consulting reports and assessment results can also be used to pinpoint ways to improve cyber hygiene, enabling organizations to expand their insurance options or improve existing coverage.

Cyber insurance programs are specifically designed to meet the unique needs of defense industrial base members.

Simplified access to leading cybersecurity providers

Marsh’s CMMC program is integrated into Marsh’s Cyber Marketplace, offering clients a tailored portfolio of leading third-party cybersecurity solution providers. This allows clients to easily access a diverse range of accredited vendors and services that address their specific cyber risk and control needs. The comprehensive approach not only streamlines the process of achieving CMMC compliance, but also empowers clients to make informed decisions based on their unique requirements.

Are you prepared for CMMC compliance?

Achieving compliance with the CMMC standard is crucial for organizations working with the Department of Defense. At Marsh, we can help you navigate the process of meeting federal cybersecurity standards while enhancing your insurance coverage options.

Contact us

Why Marsh

As specialists in enterprise risk and in cyber, we can help you take an enterprise-wide approach in building your cyber resilience. Together, we identify your risks, and work with you to develop a program tailored to your circumstances. We inform your approach and decision-making process with our more than 25 years of cyber experience and data-driven insights. By doing so, your path to cyber resilience can be more productive and predictive and your outcomes more efficient and effective.

Our people

Jeffrey Bird

Jeffrey Bird

Senior Vice President for Cyber Marketplace Services

  • United States

Placeholder Image

JD McCabe

Vice President, Cyber Practice

  • United States