CMMC Standard: What is CMMC?

The CMMC (Cybersecurity Maturity Model Certification) v1.0 framework was released January 31, 2020.  It is a unified cybersecurity standard for future DoD acquisitions.

According to the OUSD(A&S) and the DoD, it was created to focus on the security and resiliency of the Defense Industrial Base (DIB) sector. Starting in fall of 2020, the DoD will begin requiring contractors to obtain the required level of CMMC certification before they can compete for defense contracts.

The CMMC Model measures security at 5 different levels, starting at Level 1 with Basic Cyber Hygiene and going up to Level 5 with Advanced/Progressive Cybersecurity. See the image below:

The CMMC model has 17 domains and each domain has a set of processes and capabilities that apply throughout the 5 maturity levels.

Source: CMMC Model v1.0 Approved for Public Release

CMMC Practice Progression

The majority of small businesses doing business with the DoD that handle CUI (Confidential Unclassified Information) will be required to be certified to Level 3.  Level 3 encompasses all of the NIST SP 800-171 standard plus another 20 practices to meet the “Good Cyber Hygiene” level.

Source: CMMC Model v1.0 Approved for Public Release

Consulting Support for CMMC Compliance

Core Business Solutions offers a modular approach to achieve certification. We break the requirements down into organizational and technical. We provide training for your organization’s IT Team or MSP (if you outsource your IT needs), as well as training for employees and management, so that you implement a sustainable cybersecurity system that meets CMMC requirements at the level you need.

We assist you with a guided self-assessment and with planning, with consulting assistance available remote/online or onsite. We help you develop your System Security Plan (SSP) and Plan of Action and Milestones (POAM) with a Roadmap and a budget for implementation and remediation to work toward certification. We help you through your 3rd party audit to successful certification. The CORE Security Suite is included to assist you in implementation and maintenance of your certification.

Core Business Solutions has qualified cybersecurity consultants ready to help you achieve compliance. Support for the standards is available through our Online and Onsite Consulting Programs. We also provide consulting support for companies seeking multiple standards (such as ISO 9001 and ISO 27001) through an Integrated Management System.

Our consultants translate the technical language of the standard into Plain English and make it as simple and effective for your organization as possible.

For more information about compliance, please call our consulting office at 866-354-0300, or email info@thecoresolution.com.

Related standards

• See ISO 27001 for information security management systems

For more information on Cybersecurity please visit our articles page.
