Cybersecurity Maturity Model Certification (CMMC) will become law in 2023. Is a requirement for all organizations within the supply chain to the United States Department of Defense (DoD). When in effect, DoD Contractors will be required to meet a specific CMMC level to submit proposals for new DoD contracts.
CMMC ensures that an organization has achieved the minimum threshold of cybersecurity necessary to be entrusted with the types of information they receive or handle.
It is similar the NIST 800-171 but is performed by a certified external company. The NIST 800-171 standard is a federally mandated requirement for non-federal businesses conducting business with the federal government. It is required if you deal with Controlled Unclassified Information (CUI) or perform services on systems that provide CUI.
Click Image to Enlarge
Click Image to Enlarge
There are three levels of CMMC 2.0:
Levels are based on the types of information businesses handle.
Total Cyber’s NIST 800-171 solution prepares businesses for self-certification and verification.Level 1: Foundational
For companies with federal contract information (FCI) only. This information must be protected but is not critical to national security.
Level 2: Advanced
For companies with CUI. These requirements are in alignment with NIST SP 800-171 controls.
Level 3: Expert
For companies with CUI and working on DoD's highest priority programs. These requirements are in alignment with NIST SP 800-171 and will use a subset of NIST SP 800-172 controls.
