INDUSTRY NEWS Author: Uday Ali Pabrai, CISSP, CMMC RP, HITRUST CCSFP, MSEE, Security+ Date Published: 19 April 2021 Advanced persistent threats (APTs) require that organizations respond with active and credible cyberdefenses. This is the focus of Maturity Level 5 of the US Department of Defense (DoD) cybersecurity standard, the Cybersecurity Maturity Model Certification (CMMC). Maturity Level 5 focuses on the protection of Controlled Unclassified Information (CUI) and is the highest level of cybersecurity defined in the CMMC standard. 1 Maturity Level 5 requires an enterprise to standardize and optimize process implementation across the organization. The CMMC standard is all about establishing cyberresilience in the supply chain. CMMC Maturity Levels 4 and 5 include practices to enhance the detection and response capabilities of an organization to address and adapt to the changing tactics, techniques and procedures (TTPs) used by APTs.