What is NIST/CMMC?
We understand that MEP Centers have been tasked with educating small businesses about NIST/CMMC. This page offers information especially for you. The launch of the Cybersecurity Maturity Model Certification (CMMC) program serves as an important and necessary step in the advancement of our country’s ability to protect its people, military, industry, and more. Threats to our country’s information grow by the day, and adversaries are becoming more capable.
For businesses working with the Department of Defense (DoD), the threat grows. In order for companies to be awarded government projects, they will need to employ several information security solutions and put policies into place that drive action for their organizations.
The CMMC program was created after a major breach of contractors and subcontractors and, subsequently, several government agencies. This program is designed to level up the security of information shared by the Department of Defense, contractors, and subcontractors, and it gives the Department enhanced confidence that CUI is being protected. Read below to learn more about CMMC 2.0, NIST, and DFARS.
The Structure of CMMC
CMMC measures cybersecurity at 3 levels, from Foundational to Expert. Businesses that only handle Federal Contract Information (FCI) will require Level 1. Businesses that handle Controlled Unclassified Information (CUI) will require Level 2. Level 3 exists to protect highly sensitive CUI and will be required by few contractors. For a complete overview:
Consulting Support for CMMC Compliance
At Core, we offer a modular approach to certification. We break the requirements down into two broad categories: organizational and technical. We provide training for your employees, your management, and your IT Team or MSP (if you outsource your IT needs).
We also assist you in your guided self-assessment. We will help you develop your System Security Plan (SSP), Plan of Action and Milestones (POAM), Roadmap, and budget.