CMMC 2.0 – WHAT IS IT?
The Cybersecurity Maturity Model Certification (CMMC) program enhances cyber protection standards for companies in the Defense Industrial Base (DIB). It is designed to protect sensitive unclassified information that is shared by the Department of Defense (DoD) with its contractors and subcontractors. The program incorporates a set of cybersecurity requirements into acquisition programs and provides the DoD increased assurance that contractors and subcontractors are meeting these requirements.
CMMC combines various cybersecurity control standards such as NIST SP 800-171, NIST SP 800-53, ISO 27001, ISO 27032, AIA NAS9933 and others into one unified standard for cybersecurity. In addition to cybersecurity control standards, CMMC also measures the maturity of a company’s institutionalization of cybersecurity practices and processes.
The CMMC framework has three key features:
Tiered Model
CMMC requires that companies entrusted with national security information implement cybersecurity standards at progressively advanced levels, depending on the type and sensitivity of the information. The program also sets out the process for flowing information down to subcontractors.
Assessment Requirement
CMMC assessments allow the DoD to verify the implementation of clear cybersecurity standards.
Implementation through Contracts
Once CMMC is fully implemented, certain DoD contractors that handle sensitive unclassified DoD information will be required to achieve a particular CMMC level as a condition of contract award.
Major Changes from CMMC 1.0
KEY FEATURES OF CMMC 2.0
How KITC can help you
At KITC, our objective is to provide advanced IT services with simplicity, clarity, and integrity. We understand security changes and requirements can feel overwhelming. To avoid errors and penalties, we suggest working with a third-party company like ourselves to ensure thorough and accurate scoring. Our team has the vetted IT tools, policy templates and assessment services mapped to NIST 800-171 and CMMC requirements to assist your organization on the road to compliance.