A Comprehensive Guide
Cybersecurity Maturity Model Certification.
A certification program created by the Department of Defense (DoD) that assesses cybersecurity posture.
What CMMC level does your company really need?
Level 1 - (Foundational) applies only to companies that focus on the protection of FCI. It is comparable to the old CMMC Level 1. It consists only of practices that correspond to the basic safeguarding requirements specified in 48 CFR 52.204-21, commonly referred to as the FAR Clause.
Level 2 - (Advanced) is for companies working with CUI. It is comparable to the old CMMC Level 3. Level 2 requirements will mirror NIST SP 800-171 and eliminate all practices and maturity processes that were unique to CMMC.
Level 3 - (Expert) is focused on reducing the risk from Advanced Persistent Threats (APTs). It is designed for companies working with CUI on DoD’s highest priority programs. It is comparable to the old CMMC Level 5. Level 3 will be based on a subset of NIST SP 800-172 requirements. Details will be released at a later date.