Cybersecurity Maturity Model Certification (CMMC)

Become CMMC Level 1 - 3 Certified NOW!

DoD Contractors will be required to meet a specific CMMC level to submit proposals for new DoD contracts. You can beat the rush before the time comes. We will help you become CMMC Level 1 – 3 pre-compliant now. Then become CMMC compliant before it is required.

Total Cyber Solutions will perform a full assessment depending on the CMMC Level you need to meet for DoD compliance. We will then preform a full CMMC audit and create a remedy plan for you to become CMMC compliant.

What is Cybersecurity Maturity Model Certification (CMMC)?
CMMC is a new rule requiring DoD contractors meet certain Levels of security in order to work on DoD contracts. The DoD CMMC certification was created to make the Defense industrial Base more secure.

List of CMMC Levels

In order to pass an audit for this level, the DoD contractor will need to implement 17 controls of NIST 800-171 rev1.

Level 1 of CMMC addresses the protection of Federal Contract Information (FCI) and encompasses the basic safeguarding requirements for FCI specified in Federal Acquisition Regulation (FAR) Clause 52.204-21, which defines FCI as:

(Information, not intended for public release, that is provided by or generated for the Government under a contract to develop or deliver a product or service to the Government, but not including information provided by the Government to the public (such as on public websites) or simple transactional information, such as necessary to process payments.)

In order to pass an audit for this level, the DoD contractor will need to implement another 48 controls of NIST 800-171 rev1 plus 7 new “Other” controls.

Criteria for CMMC Level 2

CMMC Level 2 is a transitional level. At Level 2, a contractor is not yet approved for CUI. CMMC Level 2 practices and processes provide additional safeguarding above CMMC Level 1 and help to prepare a contractor to handle CUI at CMMC Level 3.

In order to pass an audit for this level, the DoD contractor will need to implement the final 45 controls of NIST 800-171 rev1 plus 13 new “Other” controls.

CMMC Level 3 addresses the protection of Controlled Unclassified Information (CUI), which the National Archives and Record Administration (NARA) defines as:

Information that requires safeguarding or dissemination controls pursuant to and consistent with laws, regulations, and government-wide policies, excluding information that is classified under Executive Order 13526, Classified National Security Information, December 29, 2009, or any predecessor or successor order, or Atomic Energy Act of 1954, as amended.

In order to pass an audit for this level, the DoD contractor will need to implement 11 controls of NIST 800-171 RevB plus 15 new “Other” controls

In order to pass an audit for this level, the DoD contractor will need to implement 11 controls of NIST 800-171 RevB plus 15 new “Other” controls

Level 5 – “Advanced / Progressive”

In order to pass an audit for this level, the DoD contractor will need to implement the final 4 controls in NIST 800-171 RevB. plus 11 new “Other” controls

The Cybersecurity Maturity Model Certification (CMMC) is a new requirement for existing DoD contractors, replacing the self-attestation model and moving to third-party certification.

The certification will be built on existing requirements such as NIST SP 800-171, NIST SP 800-53, AIA NAS9933, private sector contributions, and input from academia. This new certification is intended to tighten cybersecurity within the defense industrial base. CMMC consists of five levels to measure cybersecurity practices of contractors

CMMC IS HERE!

Wondering what the Cybersecurity Maturity Model Certification is and if you need it. Watch this video from Summit7 that explains what CMMC is. DoD Contractor and companies doing business with the DoD.

Get your business certified in CMMC?

we can do it together

A Free Consultation
Just One Message Away

safety & security