CMMC Compliance

CMMC – NEW CYBERSECURITY STANDARDS FOR CONTRACTORS TO SECURITY FOR SENSITIVE INFORMATION

Cybersecurity Maturity Model Certification (CMMC) is the Department of Defense’s (DoD) new regulatory compliance model for certifying contractors to ensure that their cybersecurity controls and processes are sufficient to secure the Controlled Unclassified Information (CUI) that resides on the Defense Industrial Base (DIB) system and networks. The purpose of CMMC is to reduce complexity and confusion by consolidating a broad spectrum of regulations and guidelines, such as NIST 800-171, 48 CFR 52.204-21, DFARS clause 252.204-7012, and others.

CMMC Compliance Solutions 3

CMMC LEVELS OF CERTIFICATION

CMMC categorizes cybersecurity programs based on the level of maturity of their practices and processes.

  • Practices are the technical activities required within a capability requirement. CMMC evaluates 173 practices, and practice tiers range from “Basic Cyber Hygiene” to “Advanced/Progressive”
  • Processes measure the maturity of an organization’s cybersecurity procedures. CMMC evaluates nine (9) processes, and process tiers range from “Performed” to “Optimized”.

CMMC Compliance Solutions 4

WHAT CMMC LEVEL DO I NEED?

The CMMC maturity level your organization must achieve is based on the sensitivity of the information the contractor will work with.

  • Organizations must meet both Practice and Process requirements for the level they wish to achieve.
  • Organizations will have to achieve all requirements for lower levels as well as the level they wish to achieve.
  • CMMC requirements apply to sub-contractors as well. Subcontractors do not need to achieve the same level as the prime contractor, but they will need to achieve the CMMC level that corresponds with the sensitivity of the information they will work with.

CMMC ASSESSMENTS

CMMC requires external assessments to be completed by Third Party Assessment Organizations (C3PAO’s).   Assessments will determine the contractor’s CMMC level, and contractors who do not meet the requirements associated with the level required by their contract will not be able to do business with the DoD

ARE YOU READY FOR CMMC?

First Class Networks CMMC Solutions

  • First Class Networks Platform Supply Chain Risk Management module mapped to CMMC requirements
  • First Class NetworksCMMC Assessment Prep
    • CMMC Vendor Assessment
    • CMMC Product Assessment
    • CMMC Continuous Monitoring
  • Asset to Vendor Network cybersecurity information exchange

Does your organization need CMMC Compliance?

Contact us today!