Faced with increasing cybersecurity risks that do not appear to be slowing down, the Department of Defense (DoD) has taken proactive steps to establish Cybersecurity Maturity Model Certification (CMMC). CMMC will soon become a requirement for defense vendors or other vendors that have, or are seeking, partnerships with the Department of Defense.
What is CMMC Compliance?
The primary objective of Cybersecurity Maturity Model Certification is to protect what is known as Controlled Unclassified Information (CUI) in the Department of Defense supply chain. You can navigate online to get information about CMMC in Washington DC.
Below is a brief description of the individual certification levels:
Level 1 demonstrates "Basic Cyber Cleanliness" – Department of Defense contractors wishing to be assessed at this level must implement 17 controls from NIST 800-171 Rev1.
Level 2 demonstrates "Intermediate Cyber Cleanliness" – Here the DoD contractor has to implement 48 additional controls from NIST 800-171 Rev1 as well as seven new "Other" controls.
Level 3 demonstrates "Good Cyber Cleanliness" – To achieve Level 3 certification, the last 45 controls of NIST 800-171 Rev1 plus 13 new "Other" controls must be applied.
Level 4 demonstrates "Proactive" cybersecurity – In addition to the controls in Levels 1 to 3, 11 additional controls from NIST 800-171 Rev2 must be applied, plus 15 new "Other" controls.
Level 5 demonstrates "Advanced / Progressive" cybersecurity – To reach this highest level, the DoD contractor must implement the last four controls in NIST 800-171 Rev2 plus 11 new "Other" controls.