CMMC

 

The Department of Defense has introduced a new standard, the Cybersecurity Maturity Model Certification. Are you ready?


What is CMMC compliance?


The Department of Defense (DoD) designed CMMC to protect Controlled Unclassified Information (CUI) across its supply chain.

CUI can include a variety of data, including:

  • Financial
  • Intelligence
  • Legal
  • And more...

CMMC is designed to incorporate processes, practices and approaches that protect that data, improve defense contractors' ability to safeguard their sensitive information, and give the DoD a way to easily identify vendors who practice good cyber hygiene.

There are five different levels of CMMC certification. After implementing the controls necessary to achieve certification, the customer must use a CMMC Third-Party Assessment Organization (C3PAO) to perform a formal security audit.
 

Self-attestation is no longer allowed.

What are the five levels of CMMC certification?


The five levels of CMMC certification revolve around the implementation of a set number of NIST 800-171 controls.
 
The five levels are:

 1. Basic Cyber Hygiene
 2. Intermediate Cyber Hygiene
 3. Good Cyber Hygiene
 4. Proactive Cybersecurity
 5. Advanced/Progressive Cybersecurity
 

Security7 Networks can help you conform to CMMC by implementing:

  • Access Control
  • Awareness and Training
  • Audit and Accountability
  • Configuration Management
  • Identification and Authentication
  • Incident Response
  • Maintenance
  • Media Protection
  • Personnel Security
  • Physical Protection
  • Risk Assessment
  • System and Communications Protection
  • System and Information Integrity
  • And much, much more!

Schedule a FREE consultation today!
