What is CMMC?
The CMMC – Cybersecurity Maturity Model Certification – is a unified standard for implementing cybersecurity across the defense industrial base (DIB) supply chain with certain mandatory cybersecurity practices, procedures and capabilities.
Trustwave can help organizations move beyond basic cyber hygiene to achieve their security maturity goals, targeted CMMC compliance levels, and continue servicing and bidding on DoD contracts.
What is CMMC Certification?
- The CMMC framework applies only to Department of Defense contractors. Regardless of size, all 300,000+ members of the DIB need to become CMMC-certified, according to the CMMC accreditation body (CMMC-AB), which administers the plan on behalf of the DoD.
- One of the most impactful requirements of the mandate is that the CMMC assessments – based on 5 different levels of security maturity – are performed and certified by independent third-party CMMC assessors, accredited by the CMMC-AB.
- Prior to CMMC, the DoD required all contractors and subcontractors to be NIST SP 800-171 compliant and self-certify on their adherence to these rules. Although the new framework includes these requirements, additional cybersecurity standards will also be baked into the new cybersecurity model, including NIST SP 800-53, ISO 27001 and ISO 27032. Meeting these standards – and being certified by an accredited certification assessor – is a requirement to continue fulfilling or bidding on DoD contracts.
What are the 5 CMMC levels?
- Level 1: Safeguard Federal Contract Information (FCI)
- Level 2: Serve as a transition step in cybersecurity maturity progression to protect CUI
- Level 3: Protect Controlled Unclassified Information (CUI)
- Levels 4 & 5: Protect CUI and reduce risk of Advanced Persistent Threats (APTs)