CMMC represents a “sliding scale” of information security program levels starting with level 1, or basic security program, through levels 4 and 5, which represent the highest levels of protection for our nation’s most sensitive information. The first M, “Maturity,” represents how integrated your security program may be with your day-to-day business activities. The second M, “Model,” is based on a collection of international standards and best practices for security IT and information processing.