Monarch-Mark-v1W-notm.png
Monarch-Logo-v2W-t0.5-W.png
Monarch-Logo-v2T.png
CMMC Explained

Cybersecurity Maturity Model Certification (CMMC) is a U.S. Government-mandated certification program designed to improve supply chain security in the defense industry. 

The Department of Defense will require all contractors to be certified to one of three CMMC levels by the end of 2025.

CMMC is a rigorous process and is intended to take you to a higher level of cybersecurity preparedness. CMMC establishes a measurable set of standards and practices for safeguarding both Controlled Unclassified Information (CUI) and Federal Contract Information (FCI), and is designed to protect both data and systems from cyber-attack. In order to preserve U.S. national security, the federal government is requiring organizations working with the DoD to become certified once CMMC final rule goes into force.

Three levels of CMMC certification.

Which CMMC certification level will you need? That depends on the type of work you do, the specifics of your DoD contract, and the kind of information you handle in the course of fulfilling the contract. Your level is determined by your DoD contracting officer and is clearly specified in your contract.

The CMMC certification levels are:

  • Level 1 – Foundational Cyber Hygiene Practice. This is a basic level of cybersecurity achieved by security-conscious organizations both within and outside of the defense industry. Level 1 certification requires compliance with 17 specific practices (security controls).

  • Level 2 – Advanced Cyber Hygiene Practice. This level incorporates the DoD cybersecurity requirements of NIST Special Publication 800-171 Rev2. Level 2 requires compliance with 110 total practices (including those of Level 1).

  • Level 3 – Expert Practice. Level 3 certification requires compliance with the standards of Level 2 (including NIST 800-171) and certain provisions of NIST Special Publication 800-172.

The Department of Defense has published CMMC 2.0 Assessment Guide, Level 1 and CMMC 2.0 Assessment Guide, Level 2 to further explain CMMC compliance requirements. An assessment guide for Level 3 has yet to be published.

Fully understanding the requirements of each level can be overwhelming for many organizations. We’re here to answer your questions. Call us today.

Data Breach: Anatomy of One Company’s Response
If the trend continues, 2023 will become another year of over 1,000 publicly reported data breaches. According to the IT Governance Blog (itgovernance.co.uk), this translates to over five billion compromised data records. The breaches number will undoubtedly continue in number and severity – reaffirming that cybersecurity is a pressing priority for business. Learn More >

Monarch is the Northeast’s only Certified Third Party Assessment Organization (C3PAO)

The cybersecurity universe is constantly changing.
Sign up today to receive the latest intel.

Or click here
to schedule a consultation

All Content © 2024 Monarch ISC

22 Free Street, Suite 300, Portland, ME 04101

info@monarchisc.com

207.808.0472

Services
Advisory & Consultation
Policy & Plan Development
Risk Assessments
Incident Response Plans & Testing
Disaster Recovery Plans & Exercises
Penetration Testing & Vulnerability Assessment
Instructor-Led Training
Supply Chain/Third Party Risk Management
Phishing Simulations & Testing (CBT)

Industries
Defense
Financial
Healthcare

CMMC / 800-171
Authorized Certification Assessment (C3PAO)
Readiness Assessments
Readiness & Program Development
Instructor-Led Training (LTP)
CMMC Explained

Training
Blog
CyberMD™

About
Meet The Monarch Team
About Monarch ISC
Schedule A Consultation
News
 
LTP-Caico-T.png
CyberAB-–-RPO-T-1.png
CyberAB-–-C3PAO-T.png
Monarch-Mark-v1W-notm.png
Monarch ISC is the Northeast’s
first Certified Third Party Assessment Organization (C3PAO)