The Cybersecurity Maturity Model Certification (CMMC) is the Department of Defense’s (DoD) latest verification mechanism designed to ensure that cybersecurity controls and processes adequately protect Controlled Unclassified Information (CUI) that resides on Defense Industrial Base (DIB) systems and networks.
The CMMC establishes five certification levels that reflect the maturity and reliability of an organization’s cybersecurity infrastructure to safeguard sensitive government information on contractors' information systems. This framework is the vehicle by which the government will mandate a contractor’s cyber security maturity level to be verified by an independent third-party audit.
CMMC implemented requirements released
Version 1.0 finalization; compliance checklist released
DOD Signed Memorandum of Understanding with CMMC Accreditation Board
Interim version was published
CMMC will begin appearing in Requests for information (RFIs)
CMMC will begin appearing in Requests for proposals (RFPs) in early 2021
The CMMC is mandatory for all contractors doing business with the DoD at any level. All contractors are required to obtain a CMMC certification. This includes all suppliers at all tiers along the supply chain, small businesses, commercial item contractors and foreign suppliers. No organizations are permitted to receive or share DoD information related to programs & projects without having completed the CMMC Compliance.
Please note: As of October 2020, the CMMC-AB is working through its initial stand up phase and working to meet the requirements of the DoD. So, no contractors are currently CMMC certified.
Includes highly advanced cybersecurity practices. The processes involved at this level include continuous improvement across the enterprise and defensive responses performed at machine speed. This level requires an additional 34 controls.
Includes advanced and sophisticated cybersecurity practices. The processes at this level are periodically reviewed, properly resourced, and are improved regularly across the enterprise. In addition, the defensive responses operate at machine speed and there is a comprehensive knowledge of all cyber assets. This level has an additional 95 controls beyond the first three Levels.
Includes coverage of all NIST SP 800-171 Rev. 1 controls and additional practices beyond the scope of current CUI protection. Processes at this level are maintained and followed, and there is a comprehensive knowledge of cyber assets. This level requires an additional 91 security controls beyond those covered in Levels 1 and 2.
Includes universally accepted cybersecurity best practices. Practices at this level would be documented, and access to CUI data will require multi-factor authentication. This level includes an additional 115 security controls beyond that of Level 1.
Includes basic cybersecurity appropriate for small companies utilizing a subset of universally accepted common practices. The processes at this level would include some performed practices, at least in an ad hoc manner. This level has 35 security controls that must be successfully implemented.
It is never late to evaluate your cybersecurity posture. WCG is your reliable partner that understands the compliance landscape and has the experience of working with federal third-party vendors. Although the CMMC-AB program is not yet finalized, we are offering consulting and remediation services based on the latest draft version of the certification model to help you get ready for CMMC Compliance. If you do not know where your organization stands, WCG provides the following:
WCG works with our clients to develop a Plan of Action customized to their organizations to:
Our team has unparalleled experience aiding governments and businesses around the world in defending themselves against cybercrime, reducing risks, complying with regulations, and transforming their IT, security operations & infrastructure.
WCG has hands-on IT experts who have extensive knowledge and experience helping businesses.
We provide simple, straightforward pricing with no hidden agenda, miscellaneous charges, or add-on fees.
Our personable, dedicated staff to answer any questions you have at any time throughout the process.
WCG has an exceptional reputation and track record for numerous services.
We develop and customize an approach that suits your immediate requirements and future goals. To achieve this, WCG will provide pragmatic insights and balanced views on how to prioritize any associated actions.
WCG’s IT Change Management services help organizations effectively manage and implement change within their environment ...Read More
Information technology was once only considered a tool to help an organization achieve its strategy, but today it is regarded...Read More
WCG understands the importance of timely project delivery that meets the budgetary requirements and objectives of an organization ...Read More
WCG utilizes its experience, state-of-the- art security techniques, processes, tools and best practices to assist...Read More
In today’s complex digital world, where connectivity, confidentiality and availability are essential components of doing...Read More