What is the CMMC?
CMMC stands for Cybersecurity Maturity Model Certification. This certification will take over the role of NIST 800-171 as the qualification for working with the Department of Defense. The Cybersecurity Maturity Model Certification will have many of the same controls as NIST 800-171, plus about 33 more. Every contractor and subcontractor will need CMMC by 2020 to continue working with the DoD. So, is your business ready for CMMC?
A lot of details of the CMMC are still being determined.
CMMC will have several of the same controls as NIST 800-171. It also requires a 3rd-party audit in order to receive certification. This is different from the self-verification of NIST. With NIST, contractors could rank themselves on the honor system. With CMMC, this is not the case. Contractors will have to find a CMMC-approved auditor and go through the process. The auditor will rank contractors from 1 to 5. A contractor’s level is important because it will determine not only the contractor’s status but also which contracts they can bid on.
What are the levels of CMMC?
Now that we know what the requirements are, let’s go over the levels. There are five levels of the CMMC, based on the maturity level of your security standards. The levels range from 1 to 5. Level 1 is the most basic level, “Basic Cyber Hygiene”. Level 2 is “Intermediate Cyber Hygiene”. Level 3 is “Good Cyber Hygiene”. Level 4 is “Proactive”. Finally, Level 5 is the “Advanced or Progressive” level. The higher the maturity level, the better off your company will be.
Common Questions regarding CMMC
Some information about the CMMC is still unknown. The information below is what we know now.
- The final version of the CMMC will be available this upcoming January (2020).
- The auditors for the CMMC must be approved, non-related 3rd parties.