The Cybersecurity Maturity Model Certification (CMMC), which is still being drafted, is a brand-new cybersecurity compliance stipulation for existing Department of Defense (DoD) contractors. CMMC will replace the current self-assessment model and signals a move towards third-party certification.
CMMC will be built upon existing requirements like:
It’s the next phase of the DoD’s efforts to completely secure all aspects of the Defense Industrial Base (DIB). There will be five (5) CMMC levels designed to assess and measure the cybersecurity practices of contractors, and all vendors should thus prepare by undergoing a thorough CMMC audit:
Contractors will be judged based on the implementation of technical controls as well as the effectiveness of their documentation and policies. Everyone in the DoD supply chain must be certified. RSI Security is deeply familiar with all the security controls required by the CMMC and can help you prepare to get certified.
C3PAOs (Certified Third-Party Assessment Organizations) will be the sanctioned assessors, licensed and certified to help you achieve compliance with all CMMC regulations.
RSI Security will be undergoing the process to become a C3PAO once it is made available.
Any company, business, or organization that does business with the DoD will be required to meet CMMC requirements (once finalized and out of the drafting phase). CMMC levels are put forth by the DoD, and a C3PAO (Certified Third-Party Assessment Organization) will help you determine what level is necessary depending on the type of Controlled Unclassified Information (CUI) you process or handle.
CMMC DoD requirements will also take into account the maturity of your company’s institutional cybersecurity processes and practices. Working with a C3PAO as soon as possible will help you adjust your cybersecurity infrastructure to this new, third-party compliance standard and ensure your continued success as a DoD contractor.
Anyone doing business with the DoD must achieve at least Level 1 compliance. This level requires basic cybersecurity hygiene practices appropriate for smaller companies. There are currently 17 specific "practices" defined in CMMC v0.7. The final requirements will be released in the official 1.0 release at the end of January.
Level 2 involves universally accepted cybersecurity best practices that would be well-documented, with access to CUI requiring multi-factor authentication. Level 2 includes 55 security practices beyond Level 1 per CMMC v0.7.
Level 3 requires 59 practices beyond Level 2. Processes at this level are well-followed and maintained, with a comprehensive knowledge of all cyber assets.
Level 4 requires the implementation of 26 additional advanced and sophisticated cybersecurity practices based largely on the CMMC v0.7 adaptation of NIST SP 800-171B. Level 4 processes are regularly reviewed, properly resourced, and improved company-wide. Breach responses must operate at machine speed.
Level 5 requires 44 additional security practices, most of which are CMMC adaptations of NIST SP 800-171B. Highly advanced cybersecurity practices must be in place, and processes implemented at this level must be continually reviewed and improved across your enterprise with machine-speed breach response.
Cybersecurity Maturity Model Certification (CMMC) doesn’t have to be a headache. As a top compliance certification company, RSI Security can help you prepare to meet the drafted CMMC certification requirements as soon as possible.
As a seasoned QSA (Qualified Security Assessor), ASV (Approved Scanning Vendor), authorized HITRUST CSF Assessor, and veteran in helping companies achieve compliance in various frameworks and industries, including NIST 800-171 and DFARS, we are prepared to help you get all of your internal processes and practices up to par in preparation for CMMC.
Ready to get started? Contact a compliance expert at RSI Security now to start preparing for your own upcoming CMMC assessment.