Cybersecurity Maturity Model Certification (CMMC)
What is it?
CMMC is a framework encompassing a range of maturity levels ranging from basic cybersecurity hygiene to advanced with the intention of combining multiple cybersecurity control standards (i.e. NIST SP 800-171, ISO 27001, etc.) into one standard. In addition to cybersecurity control standards, a measure of maturity will be taken of a company’s practices and processes.
Created by the Department of Defense (DoD), CMMC is just one part of a government-led effort to protect the US defense supply chain from interference or sabotage in the form of cyber threats. In 2015, the DoD published the Defense Acquisition Federal Regulation Supplement (DFARS), mandating private contractors must adopt cybersecurity standards that subscribe to the NIST SP 800-171 cybersecurity framework. CMMC has been created in order to ensure the proper levels of controls and processes are in place due to the slow adoption of DFARS regulations.
What are the levels?
There are five levels within CMMC, ranging from basic to advanced. At the most basic levels, a DoD contractor must implement a minimum of 17 practices from the CMMC framework. In contrast, at the “Advanced/Progressive” Level 5, a contractor must implement 171 practices from the framework.
Who does it apply to?
CMMC is intended for current or prospective United States Department of Defense contractors.
What can we do?
While available information is limited regarding what CMMC certification will involve, there is an early version 1.0 model released containing practices required for each level. With this resource, we are able to provide a pre-assessment determining an organization’s readiness level to achieve CMMC certification depending upon target level and strategic direction. Upon completion of a pre-assessment, clients will have a clearer understanding of any gaps in their systems and what steps will need to be undertaken to close them before a full CMMC audit.
To learn more about CMMC or how PJR pre-assessment may help you prepare, contact us at (248) 358-3388.