Cybersecurity Maturity Model Certification Compliance
CMMC 2.0 is a compliance requirement for all DoD Contractors and Subcontractors
Time is of the essence for your CMMC 2.0 compliance: the official mandate is expected to be released in early 2024, and companies have two years to become compliant. CISO Global is here to partner with you to prepare for your certification.
CMMC 2.0 gives the DoD the ability to verify the cybersecurity resilience of DoD contractors using certified third-party assessment organizations (C3PAOs). CISO Global is in the process of becoming a C3PAO.
CMMC 2.0 consists of three certification levels that reflect the maturity and resilience of the contractor’s cybersecurity infrastructure. DoD contractors must be CMMC certified at the level required by the DoD contract to bid on and subsequently win DoD contracts.
- CMMC Level 1 requires 17 fundamental cybersecurity practices for a minimum level of data protection of Federal Contract Information (FCI).
- CMMC Level 2 requires all 110 practices of NIST SP 800-171 for DoD contractors that handle Controlled Unclassified Information (CUI).
- CMMC Level 3 builds on CMMC Level 2 and adds practices from NIST SP 800-172 with stricter and more advanced requirements for safeguarding CUI, mitigating risks from advanced persistent threats, and creating and maintaining a CMMC implementation plan.