Guide to Cybersecurity Maturity Model Certification (CMMC)
With cybersecurity threats escalating and showing no sign of declining, the Department
of Defense (DoD) has taken proactive measures by creating the Cybersecurity Maturity Model
Certification (CMMC). CMMC is the method the US Government uses to audit compliance with
NIST SP 800-171. CMMC will soon be a requirement for any defense contractor or other vendor
working with, or wishing to work with, the DoD. Various government agencies, including DoD
contractors, need to meet these requirements.
The Cybersecurity Maturity Model Certification’s main goal is to protect Controlled Unclassified
Information (CUI) across the DoD supply chain. There are five levels of CMMC, and each has
its own specific set of practices that will be in scope during a CMMC audit. Here is a brief
overview of what each level demonstrates:
- Level 1 (Basic Cyber Hygiene): DoD contractors who wish to pass an audit at this level
must implement 17 controls of NIST 800-171 Rev1.
- Level 2 (Intermediate Cyber Hygiene): DoD contractors must implement another 48
controls of NIST 800-171 Rev1 plus seven new “Other” controls.
- Level 3 (Good Cyber Hygiene): To achieve Level 3 certification, organizations must meet
the final 45 controls of NIST 800-171 Rev1 plus 13 new “Other” controls.
- Level 4 (Proactive): In addition to the controls in Levels 1 through 3, organizations must
implement 11 more controls of NIST 800-171 Rev2 plus 15 new “Other” controls.
- Level 5 (Advanced/Progressive): To achieve this highest level, DoD contractors must
implement the final four controls in NIST 800-171 Rev2 plus 11 new “Other” controls.
SecureCircle’s persistent data security and frictionless experience for users and applications
are the main reasons customers choose SecureCircle to meet their CMMC requirements. This
transparent protection requires absolutely no change in user behavior or applications.
SecureCircle helps organizations meet over 40 controls and practices across eight domains
needed to obtain Level 3 certification. SecureCircle also uses a SaaS and endpoint agent
architecture, enabling fast and straightforward deployment. SecureCircle has a simple per-user
pricing model that reduces our customers’ costs and complexity.
SecureCircle addresses CMMC requirements and applies to broad data segments rather than
only securing the most critical data. Additionally, SecureCircle enables granular control and
permissions for users, admins, groups, devices, applications, and networks. The combination of
broad features and granular controls allows organizations to configure SecureCircle to meet
security and compliance requirements.