Cybersecurity Maturity Model Certification (CMMC) is a framework that the Department of Defense developed to ensure that contractors and subcontractors achieve and maintain predetermined levels of compliance to protect fedral contract information (FCI) and controlled unclassified information (CUI).
CMMC is designed to enhance security of FCI and CUI to thwart any country or person acting with malicious intent.
Any organization that handles FCI or CUI as part of its work as a contractor, subcontractor or supplier to the U.S government will need to attain CMMC certification.
Future government contracts will say whether an organization will need to be certified at level 1, 2 or 3. To be compliant, organizations will identify what level of certification they need and either self attest or apply for an auditor to help.
At CMMC Level 1, basic safeguarding requirements are in place (such as antivirus software and physical security). Organizations who wish to achieve certifications at this level must implement 17 controls of NIST 800-171.
At CMMC Level 2, assessors will ensure security requirements for CUI specified in NIST 800-171 are implemented.
CMMC Level 3 is focused on reducing the risk from Advanced Persistent Threats (APTs). The DoD is still determining the specific security requirements for the Level 3, but has indicated that its requirements will be based on NIST 800-171 110 controls plus a subset of NIST 800-172 controls.
Questions About Cybersecurity Maturity Model Certification (CMMC) 2.0? A cybersecurity expert explains what’s new and what it means.
Why is it important to prepare now for CMMC (Cybersecurity Maturity Model Certification)? Organizations that meet the cybersecurity policies during CMMC assessment will qualify for opportunities to bid on government contracts and subcontracts.
Read this article to find out what NIST 800-171 is, what you need to do, and how it ties to CMMC.
You should fill out this form if:
✔️You need IT support that meets your business goals
✔️ You need help with cybersecurity to secure your company's data
✔️You need a clear strategic IT plan to support your business growth