The Department of Defense (DoD) has reported a loss of Controlled Unclassified Information (CUI) from the Defense Industrial Base (DIB), resulting in an increased threat to national security and the economy as a whole. To counter these risks, the DoD has taken additional measures to protect CUI by implementing standards like the Cybersecurity Maturity Model Certification (CMMC).
In January 2020, version 1.0 of the CMMC framework was released. Defense companies that wish to do or continue doing business with the DoD (with the exception of businesses handling commercial off-the-shelf (COTS) products) must comply with one of the five CMMC levels. CMMC level 1 is the lowest level of security controls for which a defense contractor is required to earn certification. Level 1 consists of the basic cybersecurity hygiene required to safeguard Federal Contract Information (FCI).
SeaGlass Technology is a NYC managed IT services provider that specializes in IT security, disaster recovery, network security and IT cloud services. Our knowledgeable CMMC compliance experts work directly with defense contractors to help them gain a solid understanding of the potential security risks they face and how to safeguard against these threats by remaining vigilant and staying aware of compliance issues that could harm their business.
Meeting CMMC Level 1 Requirements
Level 1 is considered the foundation for the DIB, including contractors seeking to achieve a higher level of certification. To achieve level 1, a defense contractor must demonstrate basic cyber hygiene as defined in 48 CFR 52.204-21. This level is achievable for small businesses and includes universally accepted cybersecurity practices. However, it offers limited protection against certain malicious actions, including data exfiltration.
Regardless of which CMMC certification level a contractor ultimately wants to reach, they must begin at level 1. Maturity processes are not assessed at level 1, meaning businesses are not obligated to create policies regulating the required practices. Level 1 is the only level that does not contain any processes. No formal documentation is required and compliance can be proved through any method that shows that the practice has been performed, such as screenshots.
CMMC level 1 is broken down into 9 capabilities and 17 practices spread across six domains. The practices consist primarily of physical protection requirements and access controls. Level 1 compliance will not suffice for all defense contractors that enter into contracts with the DoD. The U.S. Department of Defense may assign a contract a higher level of compliance based on the sensitivity of the information being handled by the contractor.
Speak to SeaGlass About CMMC Level 1 Compliance Services
Need assistance navigating the complex world of CMMC compliance and securing more contracts with the DoD? As an experienced managed IT services provider in New York City, we help companies of all sizes better manage their IT systems so that they can remain compliant with CMMC standards and focus on core activities to grow their business. To learn more about CMMC level 1 compliance or to schedule a consultation with an IT security expert, reach out to the NYC managed IT service providers at SeaGlass Technology.