Cybersecurity Maturity Model Certification (CMMC) is the US Government's method to audit compliance with NIST SP 800-171. Contractors for various government agencies, including the Department of Defense (DoD), need to meet these requirements. CMMC is a program initiated by the DoD to measure its defense contractors' capabilities, readiness, and sophistication in the area of cybersecurity. At a high level, the framework is a collection of processes, other frameworks, and inputs from existing cybersecurity standards such as NIST, FAR, and DFARS.
At a tactical level, the primary goal of the certification is to improve the surety and security of Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) that federal contractors hold and use. The CMMC program was announced on January 31, 2020.
Conservative estimates indicate that up to 300,000 organizations will need to comply with CMMC. Many of those are not traditional defense contractors. Many organizations are potentially impacted through a trickle-down effect on third parties, which can affect the confidentiality of Controlled Unclassified Information (CUI) wherever it is stored, transmitted, or processed.
CMMC certification is required for prime contractors and subcontractors doing work for or on behalf of the Department of Defense. CMMC is needed to improve and ensure the safeguarding of sensitive data, including Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) associated with federal contractors.
Only Authorized and Accredited C3PAOs who are listed on the CMMC-AB Marketplace website will be able to conduct CMMC assessments. C3PAOs will use only Authorized and Certified CMMC assessors to conduct CMMC assessments.
SecureCircle is not involved in the assessment process.
There are five levels to the CMMC framework, each with its own specific set of practices that will be assessed during a CMMC audit.
1. Level 1 (Basic Cyber Hygiene) - requires that an organization performs the specified practices.
2. Level 2 (Intermediate Cyber Hygiene) - requires that an organization establish and document practices and policies to guide the implementation of their CMMC efforts.
3. Level 3 (Good Cyber Hygiene) - requires that an organization establish, maintain and resource a plan demonstrating the management of activities for practice implementation.
4. Level 4 (Proactive) - requires that an organization review and measure practices for effectiveness.
5. Level 5 (Advanced/Progressive) - requires an organization to standardize and optimize process implementation across the organization.
SecureCircle's persistent data security and frictionless impact on users and applications allow SecureCircle to be applied to broad data segments rather than only securing the most critical data. Additionally, SecureCircle enables granular control and permissions for users, admins, groups, devices, applications, and networks. Combining broad features and granular controls allows organizations to configure SecureCircle to meet security and compliance requirements.
SecureCircle allows organizations to achieve CMMC requirements without any additional burden on user or business workflow. Users continue to operate without any knowledge that SecureCircle is securing CUI and CMMC data. Organizations can deploy SecureCircle without training users on new workflows.