CMMC

Cybersecurity Maturity Model Certification

Overview

WHAT IS CYBERSECURITY MATURITY MODEL CERTIFICATION (CMMC)?

The Cybersecurity Maturity Model Certification (CMMC) is a cybersecurity framework for US defense contractors. It combines different standards and requirements to measure the cybersecurity maturity of the defense supply chain.

The Defense Industrial Base (DIB) has long been required to implement adequate measures to protect any sensitive government information it handles on its networks. These requirements are always evolving to defend against changing security threats and, in the past 10 years, have grown from general requirements to obligatory compliance with entire frameworks, such as the NIST 800-171 specifications when contractors handle controlled unclassified information (CUI) on their networks.

In January 2020, the US Department of Defense (DoD) released the first version of the CMMC framework. Over the next five years, defense contractors in the DoD supply chain who process CUI or federal contracting information (FCI) will be required to obtain CMMC certification to demonstrate their level of cybersecurity maturity for their respective DoD contracts.

The five maturity levels of CMMC

The CMMC sets out 171 practices across five levels, designed to assess an organization’s implementation of cybersecurity and the maturity of its processes. Each level reflects the maturity of the contractor’s cybersecurity processes, practices, and infrastructure. The levels are cumulative, so each one builds on the previous level. For example, to achieve level 3, an organization must also comply with the previous levels of CMMC.

The five maturity levels of CMMC are:
  • Level 1 | Basic Cyber Hygiene (35 security controls)
  • Level 2 | Intermediate Cyber Hygiene (115 security controls)
  • Level 3 | Good Cyber Hygiene (91 security controls)
  • Level 4 | Proactive (95 security controls)
  • Level 5 | Advanced / Progressive (34 security controls)

Methodology

1. Baselining: Determine your current state of CMMC readiness

  • Develop a focused plan with a consultant to determine your current state of readiness and what is required for achieving your desired level of compliance
  • Determine if you manage CUI and how you will protect it
  • Create a gap assessment between where your company currently is and where you need to be
  • Create POAMs (Plan of Action and Milestones) for the controls you don’t currently meet.

2. Implementation

  • Execute against the POAM and implement the actions you identified.
  • Close the gaps
  • Implement new procedures, training and tools to remediate the gaps.

3. Enact

  • Implement monitoring of necessary systems
  • Begin training your employees on the new security requirements.
  • Resolve outstanding issues. Take time to work through the SSP (System Security Plan) and adjust accordingly.

4. Assessment

  • Undergo an audit by a C3PAO (CMMC Third-Party Assessment Organization)
  • Be prepared to present proof of controls met
  • Be prepared for continuous improvement

How can Vtangent help?

CMMC Gap Analysis

Assess and analyze the systems, processes, and procedures in place and compare them with the CMMC standard.

CMMC Remediation

Address security risks and deficiencies uncovered in the CMMC Gap Analysis.

CMMC Pre-Assessment

Delve deep into your security infrastructure, collecting documentation and verifying that each control and sub-control is met.

CMMC Awareness Training

All your employees receive security awareness training covering the entire lifecycle of CUI data, from creation to secure disposal, to improve the human side of security.

Why Vtangent?

Reasons you can rely on us.

High-quality Service

Outcome Focused

Actionable & Detailed Reports

Product Agnostic

Expertise

Vtangent employs highly certified and experienced cybersecurity professionals with deep expertise in a broad range of security domains.

Contact Us

Tell us about your cybersecurity needs.
Get a free quote!

A specialist will reach out to:

  • Understand your needs
  • Determine your project scope
  • Provide a cost estimate
  • Send you a detailed proposal