Cybersecurity Maturity Model Certification (CMMC) The wait is finally over for contractors and subcontractors!

Once the CMMC is fully rolled out, you will no longer have to worry about complicated instructions and unnecessary, overly-burdensome requirements. The time to start your assessment is now. Check out the requirements here and schedule your free consultation with Craig today!

CMMC v1.0 Content Overview

The document includes:

  • CMMC Model and Summary
  • Appendix A: CMMC Model v1.0
  • Appendix B: Process and Practice Descriptions
  • Appendix C: Glossary
  • Appendix D: Abbreviations and Acronyms
  • Appendix E: Source Mapping
  • Appendix F: References

It is made up of:

  • 17 Domains
  • 43 capabilities
  • 71 practices to measure technical capabilities
  • 5 processes to measure the 5 levels

The framework of the CMMC is rather simple; it encompasses multiple Domains. Within those Domains are:

Important Terms

CMMCv1.0 Maturity Levels (ML)

CMMC ML 1

Practice

  • “Basic Cyber Hygiene”
  • 17 Practices for basic safeguarding of FCI

Process

  • “Performed”
  • No actual processes

Only addresses practices from the FAR Clause 52.204-21.

CMMC ML 2

Practice

  • “Intermediate Cyber Hygiene”
  • 72 practices meant to help transition from safeguarding FCI to protecting CUI

Processes

  • “Documented”
  • 2 processes

CMMC ML 3

Practice

  • “Good Cyber Hygiene”
  • 130 practices to protect CUI

Processes:

  • “Managed”
  • 1 process for safeguarding CUI

Includes all 110 security controls from NIST 800-171

All contractors handling CUI will be required to be CMMC Level 3 certified.

CMMC ML 4

Practice

  • “Proactive”
  • Includes 130 practices to protect CUI from Level 3 PLUS an additional 26 controls to not only protect CUI but to also reduce the risk of APTs

Processes:

  • “Reviewed”
  • Actively take corrective measures

Mostly sourced from NIST 800-171 RevB.

CMMC ML 5

Practice

  • “Advanced/Proactive”
  • Includes the 130 practices to protect CUI from Level 3 PLUS the 26 controls from Level and and additinoal 15 practices to further reduce the risk of APTs

Processes:

  • “Optimizing”
  • Focus on protecting CUI from APTs

Mostly sourced from NIST 800-171 RevB.

CMMC References

The CMMC is the government’s attempt at simplifying cyber security requirements for their contractors; it is essentially encompassing all of the following guidelines and requirements:

  • FAR Clause 52.204-21 b.1.i
  • NIST SP 800-171 Rev 1 3.1.1
  • CIS Controls v7.1 1.4, 1.6, 5.1, 14.6, 15.10, 16.8, 16.9, 16.11
  • NIST CSF v1.1 PR.AC-1, PR.AC-3, PR.AC-4, PR.AC-6, PR.PT-3, PR.PT-4
  • CERT RMM v1.2 TM:SG4:SP1
  • NIST SP 800-53 Rev 4 AC-2, AC-3, AC-17
  • AU ACSC Essential Eight

Don’t Lose Your Contract!

Here at Petronella Technology Group, we think of the CMMC as wonderful new guidance on cyber security for you and your business. Schedule a free consultation with Craig today to make sure you are on the right track to keeping all of your valuable government contracts!

CMMC Products

No product found

Schedule an Appointment

Schedule an Appointment

    Our clients are awesome!

    Based on 55 reviews.
    Jeremy Richards
    Jeremy Richards
    2020-03-13
    Petronella provides great advanced digital marketing and automation solutions for my business!
    Kate Swenson
    Kate Swenson
    2020-02-14
    Highly recommended for CMMC certification assistance! Excellent and affordable options for secure data hosting on local infrastructure. 5 stars!
    Tom Matzen
    Tom Matzen
    2020-01-25
    Petronella Technology Group helped us setup our sales and marketing automation, cybersecurity and compliance for our new Blockchain startup. Great to work with! Craig in particular really knows his stuff, can translate into non-tech speak, and has wisdom beyond his years. Highly recommend them.
    Justin Summers
    Justin Summers
    2020-01-14
    Craig is awesome! He is very professional and efficient with his work. I would definitely recommend Petronella Technology to anyone who needs state of the art service.
    Blake Rea
    Blake Rea
    2020-01-14
    Craig is an expert in his field. Impressed by his knowledge, A true pioneer in Cybersecurity. My business is safer thanks to Petronella Tech!
    Robert Friedman
    Robert Friedman
    2020-01-10
    For the last five years Craig has been the Contributing Editor for Cybersecurity for NC Triangle Attorney Law Magazine which I publish. His base of knowledge is always leading edge, pragmatic and early to understand for our readers who are not techies. He is patient and easy to work with.
    Tammy Everett
    Tammy Everett
    2020-01-10
    Craig Petronella, CEO of Petronella Technology Group provided the members of the Defense Alliance of North Carolina expert advice on cybersecurity and NIST compliance. Eye opening experience! Thanks so much!
    Julie Brown
    Julie Brown
    2020-01-09
    Craig and the Petronella Technology Group, Inc. team made HIPAA compliance for my small practice so simple and easy! They helped me with all of my HIPAA training, HIPAA Security Risk Assessment, Penetration Test, and HIPAA secure hosting so I can rest easy.
    Pivot Point
    Pivot Point
    2020-01-03
    Petronella Technology Group helped us with our marketing strategy for our new web startup. Awesome experience!!!!
    Richard Brunet
    Richard Brunet
    2019-12-30

    SCHEDULE AN APPOINTMENT

    Make It Happen Now

    CLIENT SUPPORT

    Don't Feel Stranded

    CONSULTATION

    Get Best Advice

    PAYMENTS

    Make A Payment

    Top