
Cybersecurity Maturity Model Certification (CMMC) Compliance

You’ve implemented NIST 800-171. Next up is Cybersecurity Maturity Model Certification (CMMC). It is the next generation of protection for data shared within the U.S. Defense Industrial Base (DIB).

What Is Cybersecurity Maturity Model Certification (CMMC) Compliance?

Cybersecurity Maturity Model Certification (CMMC) is a framework that the Department of Defense developed to ensure that contractors and subcontractors achieve and maintain predetermined levels of compliance to protect federal contract information (FCI) and controlled unclassified information (CUI).

What Is The Goal Of CMMC?

CMMC is designed to enhance the security of FCI and CUI to thwart any country or person acting with malicious intent.

Who Needs To Be Compliant?

Any organization that handles FCI or CUI as part of its work as a contractor, subcontractor or supplier to the U.S. government will need to attain CMMC certification.

What Does CMMC Require?

Under CMMC, the implementation of cybersecurity requirements may be assessed by authorized, independent, third-party auditors.

Future government contracts will say whether an organization will need to be certified at level 1, 2 or 3. To be compliant, organizations will identify what level of certification they need and either self-attest or apply for an auditor to help.

What Level Of CMMC Do You Need?

CMMC 2.0 will include three levels: foundational, advanced, and expert.

Foundational

Safeguard Federal Contract Information (FCI)

At CMMC Level 1, basic safeguarding requirements are in place (such as antivirus software and physical security). Organizations that wish to achieve certification at this level must implement 17 controls of NIST 800-171.

Advanced

Protection of Controlled Unclassified Information (CUI)

At CMMC Level 2, assessors will verify that the security requirements for CUI specified in NIST 800-171 are implemented.

Expert

Protection of CUI and reduction of risk from Advanced Persistent Threats (APTs)

CMMC Level 3 is focused on reducing the risk from Advanced Persistent Threats (APTs). The DoD is still determining the specific security requirements for Level 3, but has indicated that its requirements will be based on the 110 controls of NIST 800-171 plus a subset of NIST 800-172 controls.

What To Do Next

We've helped companies just like yours learn what steps to take to achieve compliance.

It can take months to become fully compliant, and the controls outlined in NIST 800-171 provide the basis for CMMC compliance.

Get started by downloading this checklist.

5 Steps To Take Now To Prepare For CMMC Compliance

Learn more about CMMC
