CMMC: Cybersecurity Maturity Model Certification
Building Trust in the CMMC Assessment Ecosystem
Elevate Your Cybersecurity Posture from Basic to Advanced
Every organization that receives grants or contracts from the US Department of Defense (DoD) is required to meet CMMC requirements. The CMMC combines various cybersecurity standards and best practices in an effort to ensure all contractors are successfully protecting sensitive information and are capable of adapting to new and evolving cyber threats.
CMMC 2.0 Is Coming—We Can Help You Prepare
CMMC Compliance Checklist
The process of reaching your desired level of CMMC compliance can be cumbersome. CampusGuard is here to guide your organization through the nuances, but here are some steps to get you started:
- Decide on Maturity Level: The type of information your organization handles and the size and sensitivity of the contracts in which you plan to participate will help you establish which level of CMMC compliance you must achieve.
- Determine Where Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) Is Stored: Finding where your organization is currently storing, using, or transmitting this data will help you better design a cohesive environmental scope.
- Build an Environment for FCI and CUI: Through the use of physical and logical separation, your organization will need to confine the spaces where FCI/CUI is stored, accessed, and shared.
- Create Documentation Around Your Scope: Complete documentation regarding the scope of your environment, exactly what falls into that scope, and who is responsible for each control within your System Security Plan (SSP) will need to be provided to your assessor.
- Develop Staff Training on Best Practices: During the process of developing your CMMC strategy, your organization will establish new policies for the use of FCI/CUI. All employees involved with the use of this information will need to be trained on these policies.
- Conduct Assessment: Assessing your SSP is the best way to find gaps in coverage and document your future plans to address them with a Plan of Action and Milestones (POAM).
Cybersecurity Maturity Model Certification
The CMMC is currently based on ascending levels of preparedness from Level 1 (basic) to Level 5 (advanced), although CMMC Model 2.0 will change this to three maturity levels in the future. CampusGuard is focused on assisting Organizations Seeking Certification (OSCs) to prepare for CMMC assessments at all maturity levels (ML1 – ML5).
- Level 5: 171 Practices
- Level 4: 156 Practices
- Level 3: Good Cyber Hygiene, 130 Practices
- Level 2: Intermediate Cyber Hygiene, 72 Practices
- Level 1: Basic Cyber Hygiene, 17 Practices
Why Choose CampusGuard?
At CampusGuard, we specialize in the complexities and diverse environments of campus and community-based organizations. Our dedicated team prides itself on our expert accreditation, staying updated on the latest trends, and working alongside our clients with a personal approach.
Weekly average attacks on corporate networks in 2021.
Increase in weekly cyber attacks on corporate networks in 2021 compared to 2020
$4.24M: Average cost of a data breach in 2021.
Our Experts Are Ready to Assist
As a CMMC Registered Provider Organization (RPO), CampusGuard is focused on assisting Organizations Seeking Certification (OSCs) in preparing for CMMC assessments at all maturity levels (ML1 – ML5).
Top CMMC Frequently Asked Questions
CMMC, or Cybersecurity Maturity Model Certification, is a framework created by the US Department of Defense (DoD) to ensure that companies and organizations that work with the DoD have appropriate cybersecurity controls and practices in place to protect sensitive information.
The CMMC framework consists of five levels of cybersecurity maturity, with Level 1 representing basic cybersecurity hygiene and Level 5 representing advanced cybersecurity practices. Each level has a set of specific security requirements and processes that must be met in order to achieve certification.
CMMC certification is required for all organizations that do business with the DoD, including contractors and subcontractors. The certification process involves a third-party assessment of the organization's cybersecurity practices and controls, and certification is required for organizations to bid on and win contracts with the DoD.
All organizations that do business with or receive grants from the United States Department of Defense (DoD) need to obtain CMMC certification if they want to be eligible to bid on and win DoD contracts. This includes prime contractors, subcontractors, suppliers, and vendors.
The CMMC certification requirement will be phased in over time, with DoD contracts starting to require certification at different levels beginning in 2021. DoD contractors and subcontractors should check with their contracting officers to determine when their contracts will require CMMC certification and at what level.
Failing to be certified to the appropriate CMMC maturity level will disqualify an organization from being awarded defense contracts or research grants that include the CMMC requirement and could put DoD grant funding at risk for your institution.
In addition, non-compliance with the CMMC framework could also result in other consequences, such as increased cybersecurity risk, loss of customer trust, and potential legal and financial liabilities.
It's important to note that becoming CMMC compliant can be a complex and time-consuming process, depending on your organization's current cybersecurity practices and the level of certification required. Therefore, it's important to start planning and implementing the necessary changes as soon as possible to ensure that your organization is prepared to meet the CMMC requirements.
According to the DoD website, "The publication of materials relating to CMMC 2.0 reflects the Department’s strategic intent with respect to the CMMC program; however, CMMC 2.0 will not be a contractual requirement until the Department completes rulemaking to implement the program. The rulemaking process and timelines can take 9-24 months. CMMC 2.0 will become a contract requirement once rulemaking is completed."
CMMC 2.0 eliminates Level 2 (Intermediate) and Level 4 (Proactive) from CMMC 1.0. CMMC Model 2.0 has three levels that connect to existing federal requirements that are already in place:
- Level 1: Foundational is aligned with FAR 52.204-21: Basic Safeguarding of Covered Contractor Information Systems (for companies with FCI only).
- Level 2: Advanced is aligned with NIST SP 800-171: Protecting CUI in Nonfederal Systems, and also requires compliance with FAR 52.204-21 (for companies with CUI).
- Level 3: Expert is aligned with NIST SP 800-172: Enhanced Security Requirements for Protecting Controlled Unclassified Information, and also requires compliance with FAR 52.204-21 and NIST SP 800-171 (for the highest priority programs with CUI).
CMMC for Higher Education
For colleges and universities involved in R&D, the switch from DFARS to the Cybersecurity Maturity Model Certification (CMMC) is big news. But just what is it, what is the impact on DoD contracts, and how does it fit in with information security?