Is your business required to comply with CMMC?
The Cybersecurity Maturity Model Certification (CMMC) is a set of standards and guidelines that apply to companies that provide services to the U.S. Department of Defense (DoD) and handle Controlled Unclassified Information (CUI). The CMMC applies to all organizations that contract with the DoD, regardless of their size or location. This includes prime contractors, subcontractors, and suppliers at all tiers.
What does it mean?
Companies that fall under the jurisdiction of the CMMC must meet certain cybersecurity requirements in order to be compliant. These requirements vary depending on the level of maturity the company has achieved, and are based on the following five maturity levels:
- Level 1: Basic Cyber Hygiene
- Level 2: Intermediate Cyber Hygiene
- Level 3: Good Cyber Hygiene
- Level 4: Proactive
- Level 5: Advanced/Progressive
Companies that work with the DoD must attain a specific level of maturity, depending on the nature of their work. They will be required to have an independent third-party assessor to certify their compliance with the standard.
What protections do I need?
Some of the common protections that companies may need to implement to be compliant with the CMMC standard include:
- Network segmentation
- Identity and access management
- Security incident management
- Risk management
- Cybersecurity training
- Continuous monitoring
- Vulnerability management
- Security assessment and authorization