At GigaTECH, we are actively working to achieve the Cybersecurity Maturity Model Certification (CMMC) to position our team as a trusted vendor for federal acquisition. CMMC, while developed by the DoD to provide more accountability, is based on NIST 800-171 principles that have provided the basis for security frameworks leveraged in numerous industries.
By working to achieve the CMMC certification, GigaTECH can easily translate our posture to many other frameworks through our Governance, Risk Management, and Compliance (GRC) system.
Cybersecurity Maturity Model Certification (CMMC) Defined
The CMMC is a framework created by the US Department of Defense (DoD) to ensure that its contractors and suppliers can protect controlled unclassified information (CUI). The CMMC provides a unified and standardized set of requirements that contractors must follow to obtain certification and remain eligible for DoD contracts.
The CMMC framework consists of three maturity levels, with each level building upon the previous one to provide a progressively higher level of cybersecurity. Contractors must meet the requirements of the appropriate maturity level for their type of work and the type of information they handle.
Level 1: Foundational
Level 2: Advanced, based on practices aligned with NIST SP 800-171
Level 3: Expert, based on all practices in levels 1 and 2, and augmented by NIST SP 800-172.
The requirements of each level include a range of practices, such as implementing firewalls, using encryption, and performing regular security assessments. Additionally, contractors must have a documented information security program that outlines the policies and procedures they follow to protect CUI.
The CMMC also requires contractors to have a formal process for reporting and responding to cybersecurity incidents and for conducting regular training for their employees on cybersecurity best practices.
To obtain CMMC certification, contractors must undergo an assessment by a third-party assessor that is accredited by the CMMC Accreditation Body (CMMC-AB). The assessor will evaluate the contractor’s compliance with the relevant CMMC requirements and provide a report indicating the contractor’s level of maturity.
In summary, the CMMC framework is a comprehensive approach to ensuring the protection of controlled unclassified information in the defense supply chain. By meeting the requirements of the appropriate maturity level, contractors can demonstrate their commitment to cybersecurity and ensure their eligibility for DoD contracts.