The Cybersecurity Maturity Model Certification is a new unified standard for implementing cybersecurity across the defense industrial base (DIB). The CMMC is the Department of Defense’s (DoD) response to significant compromises of sensitive data located within their supply chain, which consists of over 300,000 companies.
There are 5 different maturity levels of the Cybersecurity Maturity Model, ranging from the minimum level of security, with 17 requirements, to the highest level of maturity, with over 170 requirements. An organization will be eligible for various contracts based on its maturity level.
For example, most contracts that don’t have Controlled Unclassified Information will most likely only need a level 1 maturity certification. The higher the level of compliance with CMMC, the more contracts an organization is eligible to bid on and win. Although proof of compliance with CMMC is not needed at the time of the bid, it will be needed to formally accept the contract.
A Registered Provider Organization (RPO) and its Registered Practitioners offer advice, consulting, and recommendations to their clients regarding the CMMC ecosystem. The goal of an RPO is to help companies within the DoD supply chain determine what maturity level they must acquire and guide them through the process to certification.
To be an authorized CMMC RPO, an organization must pass an organizational background check and have at least one Registered Practitioner associated with the RPO at all times.
A common misconception is that an RPO and its Registered Practitioners conduct the CMMC audits, but this is not the case. Registered Provider Organizations and Registered Practitioners prepare an organization for the official CMMC audit that is performed by a Certified Third-Party Assessor Organization (C3PAO) and Certified CMMC Assessors.
Requires that an organization performs and adheres to 17 cybersecurity requirements.
Intermediate Cybersecurity Hygiene
Requires that an organization performs and adheres to an additional 55 requirements. This involves establishing and documenting policies and practices that will guide the implementation of its CMMC efforts.
Good Cybersecurity Hygiene
Requires that an organization create and maintain a plan that demonstrates the management of the activities necessary for practice implementation.
Proactive Cybersecurity Hygiene
Requires that an organization reviews and measures specific practices for security effectiveness.
Advanced Proactive Cybersecurity Hygiene
Requires that an organization standardize and optimize process implementations throughout the organization.