Achieving Cybersecurity Maturity Model Certification (CMMC) compliance is critical across the Defense Industry Base (DIB) for Department of Defense (DoD) contractors and subcontractors. CimTrak provides a clear and simple method to implement many of the control objectives.
CimTrak provides a clear and simple method to implement many of the control objectives of CMMC.
AC - Access Control
AM - Asset Management
AU - Audit and Accountability
CM - Configuration Management
IR - Incident Response
RE - Recovery
RM - Risk Management
SA - Security Assessment
SC - System & Communication Protection
SI - System & Information Integrity
Requires the basic controls needed for essential cyber hygiene. This level of certification will be needed by contractors that hold or process mildly sensitive content such as Federal Contract Information (FCI).
Covers slightly more advanced controls required for ‘intermediate’ cyber hygiene. This level is largely based on the requirements of NIST 800-171 r2. Contractors with this certification will hold or process FCI and possibly more sensitive content such as Controlled Unclassified Information (CUI).
Level 3 certification represents a moderate standard of cyber hygiene for an established organization and requires all 110 NIST controls with an additional 20 controls from various sources. This level will be a requirement for the majority of DoD contractors that hold or process CUI.
Going beyond simple cyber hygiene, level 4 certification required contractors to take a proactive approach to measuring, identifying, and blocking threats, including Advanced Persistent Threats (APTs).
To be certified at level 5, contractors will need to have a fully mature cybersecurity function across all 43 capabilities.