The Cybersecurity Maturity Model Certification (CMMC) is a certification procedure developed by the Department of Defense (DoD) to certify that contractors working with the DoD have the controls in place to protect sensitive data. CMMC replaces the previous self-attestation model and moves to certification via CMMC Third Party Assessment Organizations (C3PAOs). The CMMC Model combines the best practices of different cybersecurity standards, including NIST SP 800-171, NIST SP 800-53, ISO 27001, ISO 27032, AIA NAS9933, and others, into one cohesive standard for cybersecurity.
The CMMC Model has five defined levels, each with a set of supporting practices and processes. Practices range from Level 1 (basic cyber hygiene) to Level 5 (advanced/progressive). To meet a specific CMMC level, an organization must meet the practices and processes within that level and all levels below. The DoD will specify the required CMMC level an organization must possess when releasing Requests for Information (RFIs) and Requests for Proposals (RFPs).
Although the official CMMC assessment program has yet to begin, Compass IT Compliance can assist organizations in assessing their current level of compliance with the Cybersecurity Maturity Model Certification v1.02. Our assessments will provide invaluable insights into control weaknesses and gaps, providing your organization with detailed remediation recommendations to mitigate the risk of a failed CMMC assessment in the near future!
Let Compass IT Compliance assist your organization in assessing any risks present through our CMMC services so you can secure your private data environment, comply with regulatory requirements, and save time, money, and resources in the process. Contact Us today to discuss your unique situation. Secure. Comply. Save.