CMMC – NEW CYBERSECURITY STANDARDS FOR CONTRACTORS TO SECURE SENSITIVE INFORMATION
Cybersecurity Maturity Model Certification (CMMC) is the Department of Defense’s (DoD) new regulatory compliance model for certifying contractors to ensure that their cybersecurity controls and processes are sufficient to secure the Controlled Unclassified Information (CUI) that resides on Defense Industrial Base (DIB) systems and networks. The purpose of CMMC is to reduce complexity and confusion by consolidating a broad spectrum of regulations and guidelines, such as NIST 800-171, 48 CFR 52.204-21, DFARS clause 252.204-7012, and others.
CMMC LEVELS OF CERTIFICATION
CMMC categorizes cybersecurity programs based on the level of maturity of their practices and processes.
- Practices are the technical activities required within a capability requirement. CMMC evaluates 173 practices, and practice tiers range from “Basic Cyber Hygiene” to “Advanced/Progressive”.
- Processes measure the maturity of an organization’s cybersecurity procedures. CMMC evaluates nine (9) processes, and process tiers range from “Performed” to “Optimized”.
WHAT CMMC LEVEL DO I NEED?
The CMMC maturity level your organization must achieve is based on the sensitivity of the information the contractor will work with.
- Organizations must meet both Practice and Process requirements for the level they wish to achieve.
- Organizations will have to achieve all requirements for lower levels as well as the level they wish to achieve.
- CMMC requirements apply to sub-contractors as well. Subcontractors do not need to achieve the same level as the prime contractor, but they will need to achieve the CMMC level that corresponds with the sensitivity of the information they will work with.
CMMC requires external assessments to be completed by Third Party Assessment Organizations (C3PAOs). Assessments will determine the contractor’s CMMC level, and contractors who do not meet the requirements associated with the level required by their contract will not be able to do business with the DoD.
ARE YOU READY FOR CMMC?
First Class Networks CMMC Solutions
- First Class Networks Platform Supply Chain Risk Management module mapped to CMMC requirements
- First Class Networks CMMC Assessment Prep
- CMMC Vendor Assessment
- CMMC Product Assessment
- CMMC Continuous Monitoring
- Asset to Vendor Network cybersecurity information exchange