The goal is to have one cybersecurity or system security standard within the DoD, which is the CMMC model. Other government agencies have different standards.
The CMMC model incorporates NIST SP 800-171 and elements from NIST SP 800-53, ISO 27001, ISO 27032, and others. In addition to the control standards, the CMMC model requires institutionalizing these system security practices and processes.
