What is the Cybersecurity Maturity Model Certification 1.0 (CMMC 1.0)?

CMMC stands for “Cybersecurity Maturity Model Certification”.  The CMMC is a formal certification intended to ensure that appropriate levels of cybersecurity controls and processes are in place to protect controlled unclassified information (CUI) residing on DoD contractor networks.  If your business offers products and/or services to the DoD or a DoD contractor, the CMMC will apply to you.

The goal of the Cybersecurity Maturity Model Certification is to protect national security and to protect American businesses.  The CMMC combines various cybersecurity control standards such as NIST SP 800-171, NIST SP 800-53, ISO 27001, ISO 27032, AIA NAS9933 and others into one unified standard for cybersecurity.  The CMMC will also measure the maturity of a company’s cybersecurity practices and processes.

Unlike the NIST 800-171 framework, there is no self-certification for the Cybersecurity Maturity Model Certification 1.0.  Instead, a third-party CMMC auditor (Certified Third-Party Assessor Organization - C3PAO) will be required.  Registered Provider Organizations (RPOs), such as Appalachia, have been accredited by CMMC to help prepare organizations for C3PAO auditing.

The CMMC 1.0 encompasses 5 security levels, with level 5 being the most secure.  The majority of contractors and especially manufacturers will be level 3.  Levels 4 and 5 are reserved for contractors who require very high levels of cybersecurity – think munitions and weapons manufacturers.  Levels 1 and 2 will apply to merchants and services.

 CMMC Maturity Process Progression

Figure 1 CMMC Maturity Process Progression - https://www.acq.osd.mil/cmmc/

 
For more information or to get help now, contact us at (888) 277-8320. 
 
To download the white paper "Deep Dive: NIST SP 800-171r1 and DRAFT NIST SP 800-172 Compared," click HERE.

News & Updates

APPALACHIA IN THE NEWS: Appalachia Technologies Cited in Case Study to Improve Efficiencies and Service Delivery   Improve and Evolve - this is one of the five Core Values of Appalachia Technologies and one we believe helps us to stay at the forefront of our industry.  Our Technical Assistance Center (TAC), while performing well and delivering quality service, was being challenged by processes for documentation that were manual and outdated.  Not satisfied with the current way of doing this, Chris Swecker, Manager of TAC, began to explore IT Glue.  IT Glue centralizes information, allowing for efficiencies in response time, accuracy, and client satisfaction.  As he explains, "IT Glue became our source of truth."  Chris and his team built on the success by incorporating additional tools to assist with password rotation and a client-side tool for password management and shared documentation.  

Contact Us

Learn more about what Appalachia Technologies can do for your business.

Appalachia Technologies
5000 Ritter Road Suite 104
Mechanicsburg, Pennsylvania 17055

Appalachia Technologies
  • About Us
  • IT Services
  • Compliance
  • Resources
  • Contact Us
  • Who We Serve
  • Speaker Request
  • (888) 277-8320