
Cybersecurity Maturity Model Certification

[Controls and Processes that Lead to Compliance]

What is Cybersecurity Maturity Model Certification?

Announced on June 13, 2019, the Cybersecurity Maturity Model Certification (CMMC) is the new approach by the Department of Defense (DoD) to create a unified cybersecurity standard and properly secure its supply chain and the Defense Industrial Base (DIB).

This means that, starting in 2020, companies will need to begin the journey towards CMMC compliance in order to conduct business with the DoD. It’s estimated that between 2020 and 2026 all DIB organizations will become compliant with the new CMMC framework.

On March 18, 2020, the Office of the Under Secretary of Defense for Acquisition & Sustainment released version 1.02 of the standard.

CMMC Domains

The CMMC model was derived from Federal Information Processing Standards (FIPS) Publication 200 and NIST SP 800-171, and contains 17 domains:

  • Access Control
  • Asset Management
  • Audit & Accountability
  • Awareness and Training
  • Configuration Management
  • Identification and Authentication
  • Incident Response
  • Maintenance
  • Media Protection
  • Personnel Security
  • Physical Protection
  • Recovery
  • Risk Management
  • Security Assessment
  • Situational Awareness
  • System and Communications Protection
  • System and Information Integrity

Levels Of CMMC Compliance

Contractors will be evaluated based upon the implementation of actual technical controls in addition to their documentation and policies. These evaluations will lead to a level certification of 1 to 5, 5 being the most secure. The higher your company certifies, the more contracts you will be eligible to bid on.

Basic Cyber Hygiene
This level entails basic cyber hygiene practices. Requirements include basic cybersecurity practices such as changing passwords regularly and using antivirus software to protect Federal Contract Information (FCI).

Intermediate Cyber Hygiene
This level ups the requirements to ‘intermediate’ cyber hygiene practices. Contractors are required to implement requirements set by the National Institute of Standards and Technology’s SP 800-171 Revision 2.

Good Cyber Hygiene
This level requires the implementation of NIST SP 800-171 Revision 2 standards, just like Level 2. It also ups the stakes and includes additional unspecified standards.

Proactive
Level 4 requires contractors to be well equipped to repel Advanced Persistent Threats (APTs). An APT is not only persistent, as implied, but also more sophisticated than ordinary attacks.

Advanced/Progressive
Level 5 ups the stakes on protecting against APTs. Contractors are required to set standardized and optimized cybersecurity practices. The contractors should also actively and continually exploit additional enhanced cybersecurity practices.

CMMC Compliance Checklist

The Cybersecurity Maturity Model Certification (CMMC) is a new approach by the U.S. Department of Defense to create a unified cybersecurity standard and secure its supply chain and the Defense Industrial Base. Starting in 2020, companies will need to begin the journey towards CMMC compliance in order to conduct business with the DoD.

This checklist outlines five things to consider for CMMC compliance.

How Can We Help?

We can assist you in several different areas covered by the CMMC compliance requirements:

Pre-Audit Consulting And Support
NIST 800-171 Assessment (3.11.1)
Vulnerability Assessment (3.11.2)
Remediation Support (3.11.3)

Incident Response
Build Plan (3.6.1)
Tabletop Testing (3.6.3)

Awareness Training
Global Awareness (3.2.1)
Role Specific (3.2.2)
Insider Threat (3.2.3)

Let’s Discuss Your Cybersecurity Needs
