The CMMC – Cybersecurity Maturity Model Certification – is a unified standard for implementing cybersecurity across the defense industrial base (DIB) supply chain and requires contractors to obtain third-party assessments of their compliance with certain mandatory practices, procedures and capabilities. Trustwave Services for CMMC compliance can help advance flexible security by providing clients with customized security maturity levels between 1 and 5, as required by their unique goals.
CMMC: What you need to know
- The framework applies specifically to the Department of Defense. All 300,000+ members of the DIB, which include suppliers of goods and services to the DoD, need to become CMMC-certified, regardless of size.
- One of the most impactful requirements of the CMMC is that the certifications will be determined by accredited and independent third-party certified organizations.
- Prior to the CMMC, the DoD required all contractors and subcontractors to be NIST SP 800-171 compliant. Not only will this still be the case under the new framework, but portions of other cybersecurity standards will be built into the new cybersecurity model, including NIST SP 800-53, ISO 27001 and ISO 27032.
- What are the five levels of maturity?
  - Level 1: Safeguard Federal Contract Information (FCI)
  - Level 2: Serve as a transition step in cybersecurity maturity progression to protect CUI
  - Level 3: Protect Controlled Unclassified Information (CUI)
  - Levels 4 & 5: Protect CUI and reduce risk of Advanced Persistent Threats (APTs)