CYBERSECURITY MATURITY MODEL CERTIFICATION (CMMC)

[controls and processes that lead to compliance]

WHAT IS CYBERSECURITY MATURITY MODEL CERTIFICATION?

Announced on June 13, 2019, the Cybersecurity Maturity Model Certification (CMMC) is the Department of Defense's (DoD) new approach to creating a unified cybersecurity standard and properly securing its supply chain and the Defense Industrial Base (DIB).

In practice, this means that starting in 2020, companies will need to begin the journey towards CMMC compliance in order to conduct business with the DoD. It is estimated that between 2020 and 2026 all DIB organizations will become compliant with the new CMMC framework.

On March 18, 2020, the Office of the Under Secretary of Defense for Acquisition & Sustainment released version 1.02 of the standard.

CMMC DOMAINS

The CMMC model was derived from Federal Information Processing Standards (FIPS) Publication 200 and NIST SP 800-171, and contains 17 domains:

  1. Access Control
  2. Asset Management
  3. Audit & Accountability
  4. Awareness and Training
  5. Configuration Management
  6. Identification and Authentication
  7. Incident Response
  8. Maintenance
  9. Media Protection
  10. Personnel Security
  11. Physical Protection
  12. Recovery
  13. Risk Management
  14. Security Assessment
  15. Situational Awareness
  16. System and Communications Protection
  17. System and Information Integrity

LEVELS OF CMMC COMPLIANCE

Contractors will be evaluated on the implementation of actual technical controls in addition to their documentation and policies. These evaluations result in a certification at one of five levels, 1 to 5, with 5 being the most secure. The higher the level your company certifies at, the more contracts you will be eligible to bid on.

  • Level 5: Advanced/Progressive
  • Level 4: Proactive
  • Level 3: Good Cyber Hygiene
  • Level 2: Intermediate Cyber Hygiene
  • Level 1: Basic Cyber Hygiene

CHECKLIST

CMMC COMPLIANCE CHECKLIST

The Cybersecurity Maturity Model Certification (CMMC) is a new approach by the U.S. Department of Defense to create a unified cybersecurity standard and secure its supply chain and the Defense Industrial Base. Starting in 2020, companies will need to begin the journey towards CMMC compliance in order to conduct business with the DoD.

This checklist outlines five things to consider for CMMC compliance.


HOW CAN WE HELP?

GreyCastle Security can assist you in several different areas covered by the CMMC compliance requirements:

Pre-Audit Consulting and Support

  • NIST 800-171 Assessment (3.11.1)
  • Vulnerability Assessment (3.11.2)
  • Remediation Support (3.11.3)

Incident Response

  • Build Plan (3.6.1)
  • Tabletop Testing (3.6.3)

Awareness Training

  • Global Awareness (3.2.1)
  • Role Specific (3.2.2)
  • Insider Threat (3.2.3)