Cybersecurity capabilities are an important component for the protection of FCI and CUI data. Capabilities are not single outcomes but a combination of processes, skills, knowledge, tools and behaviours which work together to enable an organisation to deliver a specific security outcome. The CMMC framework defines 43 cybersecurity capabilities associated with 17 security domains. Which should be achieved by an organisation for each level of maturity (Level 1, 2, 3, 4 or 5), if the associated cybersecurity practices are deployed and managed appropriately.
The 17 security domains and associated 43 capabilities are detailed below.