
The Cybersecurity Maturity Model Certification (CMMC) is a framework created by the US Department of Defense (DoD) to ensure that contractors handling Controlled Unclassified Information (CUI) have appropriate cybersecurity measures in place.
There are five levels of the CMMC, each with increasing requirements for security controls and practices.
To be CMMC compliant, your company must meet the requirements of the level that is appropriate for the type and amount of CUI it handles.
The specific requirements for each level can be found in the CMMC framework document, which is available on the CMMC website.
Generally speaking, the requirements for CMMC compliance include but not limited to:
Access Control:
This requirement ensures that only authorized individuals have access to CUI, which can be achieved by implementing authentication and access controls such as multi-factor authentication, role-based access control, and security clearance checks.
Incident Response:
This requirement involves having plans and procedures in place to respond to and recover from cybersecurity incidents, such as data breaches, malware attacks, and other security incidents. This includes incident response planning, incident handling, incident reporting and incident recovery.
Media Protection:
This requirement deals with the proper handling and disposing of physical media, such as hard drives, that contain CUI. This includes procedures for sanitizing or destroying media before disposal, and ensuring that media is protected while it is in storage.
Personnel Security:
This requirement focuses on the screening and training of employees who handle CUI. This includes background checks, security clearance, and regular training on security best practices and policies.
Physical Protection:
This requirement ensures that physical locations where CUI is stored and processed are secured. This includes access controls, surveillance, and environmental controls, such as fire suppression and temperature control.
It is recommended that you consult a certification body for a proper compliance assessment and certification. VTC Tech can help your company become CCMC complaint. Give us a call at 1-888-800-3211 to discuss how we can help you with your CMMC requirements.