The Cybersecurity Maturity Model Certification (CMMC) is a standard for creating and executing cybersecurity safeguards within the defense industrial base (DIB). In response to the escalating cybersecurity threats faced by contractors, the U.S. Department of Defense (DoD) released version 1.0 of the CMMC on January 31, 2020 as part of a phased rollout approach. CMMC certification is already required for some DoD contracts and is expected to become a requirement for any defense contractors or vendors that work, or wish to work, with the Department of Defense.
The 5 Levels Of CMMC Compliance
With technology evolving at a rapid pace, contractors and subcontractors must ensure that they have the right cybersecurity processes and practices in place. The CMMC has established five certification levels that signify the maturity of a business’s cybersecurity infrastructure for keeping sensitive government data safe on contractors’ information systems. Each level is tiered and requires compliance with the requirements of the lower levels.
CMMC Level 1
Level 1 is considered the foundation for the DIB, including contractors seeking to achieve a higher level of certification. To achieve level 1, a defense contractor must demonstrate basic cyber hygiene as it is defined in 48 CFR 52.204-21. This level is achievable for small businesses and includes universally accepted cybersecurity practices but offers limited protection.
CMMC Level 2
Level 2 features two processes intended to establish a policy around each CMMC domain. Level 2 also adds an additional 55 practices to the 17 that exist in level 1 for a total of 72 controls. Although the DoD has announced that there will be no defense contracts that require CMMC level 2, these practices are still important and the requirements should be met whenever possible.
CMMC Level 3
CMMC level 3 indicates overall good cyber hygiene. However, it does have its limitations when compared with higher levels. Companies that become CMMC level 3 certified may still encounter challenges when trying to defend against advanced persistent threats (APTs). The biggest difference between level 2 and level 3 relates to the process maturity of these levels.
CMMC Level 4
CMMC level 4 consists of 8 procedural practices and 18 technical practices. To comply with level 4 requirements, a company must review and measure its practices for effectiveness and take corrective action if necessary. This level places a heavy focus on the protection of sensitive information from APTs and includes several advanced security requirements from NIST SP 800-172.
CMMC Level 5
CMMC level 5 signifies the highest achievable level and consists of 15 additional practices. This level requires organizations to meet “advanced” cyber hygiene standards and to optimize their security procedures and processes. Level 5 also focuses on decreasing the risk of Advanced Persistent Threats (APTs) and improving the protection of Controlled Unclassified Information (CUI).
Ready To Get Started?
Speak with our team of managed IT service providers to learn more about what requirements your organization needs to become CMMC compliant.
About SeaGlass Technology
SeaGlass Technology serves organizations across New York City and New Jersey to ensure they never have another issue with their network. In addition to onsite installation, maintenance and other services, we offer remote monitoring & management to control your network right from our offices. This means you would never have to schedule a time for us to come in for issues that can be fixed remotely.
We have been around for just about as long as the Internet has, so we know a thing or two about it. Our professionals have extensive experience and insight into the technology industry and enjoy helping clients with their IT needs. Whether your organization simply wants to start storing data in the cloud or needs assistance with business continuity after a natural disaster, our team will help out as soon as possible.
Assessment & Advisory Services
SeaGlass Technology helps DoD contractors gain a deeper understanding of the security risks they face and how they can guard against these threats. Our team of knowledgeable IT security compliance experts can help businesses better manage their IT systems, remain compliant and gain a competitive edge in their industry.
Businesses that aim to comply with CMMC must first identify what level of compliance they need to reach. Many DoD requests for proposals (RFPs) require a minimum of level three CMMC compliance. In most cases, all requirements under level three should already be instituted as part of a business’s standard cybersecurity defense program. Ideally, DIB contractors should begin at level 3 and gradually move to levels 4 or 5 as they begin to bid on contracts that involve gaining access to more sensitive data.
SeaGlass Technology CMMC compliance services aim to help businesses become certified at the desired level of CMMC. We work directly with contractors to help them meet all requirements for compliance and implement the proper security controls for targeted and streamlined business processes. Once requisite controls are met, the security program can be audited to compare the new information security program against the desired certification level.
Expert-Guided Compliance Solutions
SeaGlass Technology has extensive experience working with a wide range of businesses. We specialize in helping contractors meet complex compliance requirements such as CMMC, HIPAA, GDPR, PCI-DSS and others. Our expert IT security compliance professionals can help businesses build proactive information security programs, get accredited for CMMC and safeguard sensitive government information from cybercriminals.
Count On SeaGlass Technology For:
- CMMC Consulting Solutions – Trust our cybersecurity consultants to determine the best solutions with the least amount of impact on business processes.
- NIST-171 Compliance Solutions – Implement and document complete NIST-171 controls quickly and cost-effectively.
- CMMC Gap Assessment Solutions – Conduct a CMMC Gap Assessment to better understand where gaps remain when creating new, or modifying existing, cybersecurity controls.
Schedule A Consultation With SeaGlass Technology
Remaining compliant with IT security standards can help businesses avoid hefty fines, improve customer relations and form better partnerships. For more information about CMMC compliance services or to schedule a consultation, contact SeaGlass Technology online or over the phone at (212) 866-0790.