Getting CMMC Certified in Vinton, Virginia (VA)
The DoD released its first version of the CMMC (Cybersecurity Maturity Model Certification) on 31st January 2020. Since that time, several industry experts have been working towards helping customers to understand the standard and prepare to get certified. The industry leader in CMMC consultancy services in Vinton, Virginia (VA) is none other than IQC The ISO Pros.
The History CMMI
If you are aware of NIST 800-171, then you are one step ahead. NIST 800-171 was developed to allow DoD contractors to prove that they were protecting CUI (Controlled Unclassified Information). It consisted of both confidential and personal information which was located on the non-federal systems.
Initially, contractors were permitted to self-certify that they were meeting the requirements of NIST 800-171. The 1st version of CMMC seeks to change this by calling for a 3rd party evaluation to check on whether the contractor complies with CMMC. The contractor has to demonstrate the ability to adapt to the ever-evolving cyber threats against the CUI.
The new CMMC version affects over 300,000 different companies from small to big. However, not all contractors are expected to meet the same standards. The model has five tiers that are based on the functions that the various contractors are expected to meet. The requirements increase from one tier to another. Therefore, you have to meet the all requirements of a lower level before you get to a higher one. Therefore, tier five will have to meet all the requirements of tier-one to five. Every tier puts forward a different cybersecurity maturity level. Here is an overview of the levels of CMMC;
It covers the basic safeguarding of the information systems of the contractors as it is listed in the FAR Clause 52.204.21. Some of the things that it provides for include limiting systems to the authorized users only, sanitizing or destroying federal contract information properly, and limiting to certain kinds of transactions.
This takes level one to a higher height by calling for more cyber hygiene by applying 48 different controls to protect the CUI. Level 2 has 55 more practices to add to level one hence making a total of 72 practices.
Level 3 takes CMMI to the next level by calling for good cyber hygiene in order to protect the CUI. It brings a total of 130 practices at level 3.
At level 4, contractors are required to review all their practices and measure them. It also establishes the response procedures for the changing techniques and the advanced persistent threat procedures. The additional practices make a total of 156 to comply at level 3. The organization has to review and measure all their activities and share what they find with the top management.
Apart from meeting all the previous practices, the organization should also have a standard process for defending against and responding to persistent threats at this level. It means that you will have to document each practice from level one to four. Level 5 should have a written plan for all the activities and a process for reviewing and measuring their effectiveness. You have to use a standardized documented approach across the organization. If you have a problem with CMMC implementation in Vinton, Virginia, all you need to do is contact IQC The ISO Pros.
IQC The ISO Pros can help you implement, train on, consult, and have your company and/or organization certified on the following ISO Certifications: