CMMC Certification for Manufacturers
What is CMMC?
The CMMC framework applies to DoD contractors and subcontractors that handle Federal Contract Information (FCI) or Controlled Unclassified Information (CUI). CMMC 1.0 was published in January 2020, and the DoD planned to phase the requirement into new contracts until every such contract carried a CMMC level by 2025. The five levels described below are those of the original CMMC 1.0 model.
What are the five CMMC levels of maturity?
- Level 1: Basic Cyber Hygiene
- This maturity level is structured around protecting Federal Contract Information (FCI): information provided by or generated for the government under a contract and not intended for public release.
- These practices are considered foundational and are required for all higher CMMC maturity levels.
- This level includes 17 basic practices, corresponding to the basic safeguarding requirements of FAR 52.204-21.
- Level 2: Intermediate Cyber Hygiene
- At this level, organizations must have documented policies and procedures for the practices they implement.
- This level is a transition step from Level 1 to Level 3; a subset of its practices begin to address protection of Controlled Unclassified Information (CUI).
- This level includes 55 additional practices, for a total of 72.
- Level 3: Good Cyber Hygiene
- Certification at this level indicates that an organization has the baseline capability to protect CUI and has implemented all 110 security requirements of NIST SP 800-171.
- A Level 3 CMMC certification signifies that an organization establishes, maintains and resources a plan for its security activities, policies and procedures, and reviews that plan for adherence.
- This level adds 58 practices (the NIST SP 800-171 requirements not already covered by Levels 1 and 2, plus 20 further practices), for a total of 130.
- Level 4: Proactive
- At this level, organizations have advanced practices intended to protect CUI from advanced persistent threats (APTs): well-resourced adversaries that maintain long-term, covert access to a target.
- Organizations that meet Level 4 must review and measure their cybersecurity activities for effectiveness and report any issues to upper management.
- This level adds 26 practices, for a total of 156. These are drawn largely from the enhanced requirements of draft NIST SP 800-171B rather than from NIST SP 800-171 itself.
- Level 5: Advanced/Progressive
- Organizations that meet Level 5 requirements focus on protecting CUI from APTs through optimized cybersecurity capabilities.
- Organizations at this level are required to continually improve and standardize their practices across the entirety of their infrastructure.
- This level adds 15 practices, bringing the total to 171.
Who assesses CMMC compliance?
CMMC compliance is assessed by CMMC Third Party Assessment Organizations (C3PAOs), which are accredited by the CMMC Accreditation Body (CMMC-AB). Many organizations work with cybersecurity or CMMC consultants to prepare for the assessment, but a consultant's readiness review is not a certification; only the C3PAO assessment results in one.
What is DFARS?
DFARS is the Defense Federal Acquisition Regulation Supplement, the set of DoD-specific rules that supplement the Federal Acquisition Regulation. Its clause 252.204-7012 requires contractors that handle covered defense information to implement the security requirements of NIST SP 800-171 and to report cyber incidents to the DoD. Defense contractors must be DFARS compliant to conduct business with the DoD.
How Can an Organization Become DFARS Compliant
Under DFARS 252.204-7019 and 252.204-7020, organizations must complete a NIST SP 800-171 self-assessment and submit the resulting score to the DoD's Supplier Performance Risk System (SPRS); the score on file must be no more than three years old at the time of contract award. The assessment is based on the following:
- A System Security Plan (SSP) describing how each NIST SP 800-171 requirement is implemented
- A Plan of Action and Milestones (POA&M) listing the requirements not yet implemented and the dates by which they will be
- A CUI Environment Management Team (CEMT) responsible for the systems and data in scope
How are DFARS and CMMC related?
What’s the Difference Between CMMC and NIST SP 800-171?
Who Will Perform My CMMC Assessment?
How Often Does My Organization Need to Be Reassessed?
What CMMC level Is required for a contract?
Can a Managed Service Provider (MSP) Help With CMMC Certification?
Peters & Associates is well-versed in CMMC requirements, the manufacturing industry and cybersecurity best practices. We have achieved CompTIA Security Trustmark+ designation based on the NIST Cybersecurity Framework, and we were named a Pioneer 250 provider in CRN’s list of top 500 managed service providers and consultants for 2021.
Contact us today to learn more about our CMMC audit preparation services and how we can help your organization submit a strong NIST SP 800-171 assessment score to the DoD.