Hartman Executive Advisors


CMMC Compliance: Requirements of the Three Levels of Certification 

February 2, 2023 by The Hartman Team

Cybersecurity is a top concern for businesses in every sector, as cyberattacks have dramatically increased in recent years. The number of attacks targeting businesses rose 50% in 2021 alone.

Government and military organizations, and their contractors, rank among the most targeted industries. This has driven the Department of Defense (DoD) to expand cybersecurity standards for its contractors, including the Cybersecurity Maturity Model Certification (CMMC), to protect sensitive unclassified information. While the implementation of CMMC is suspended during the rulemaking process, the DoD encourages contractors to continue to improve their cybersecurity controls.

Currently, the DoD CMMC 2.0 standards define 3 levels of certification. The first step for contractors to prepare for CMMC certification is knowing which certification level your organization requires and preparing to collect evidence for assessment.

An Overview Of The 3 Levels Of CMMC

What does CMMC compliance require at the 3 levels of certification? Levels progress from basic safeguarding requirements at Level 1 to expert controls at Level 3.

Level 1: Foundational Practices

Level 1 certified organizations meet basic cyber hygiene requirements and conduct annual self-assessments.

There are 17 practices required to meet CMMC Level 1 certification. These include, but are not limited to:

  • Access controls that limit access to authorized users
  • Identification and authentication processes that verify users
  • Media protection practices to avoid releasing sensitive information
  • Physical protection rules that limit physical access to systems
  • System and communications protection to protect organizational communications
  • System and information integrity practices that protect from cyberattacks

Level 2: Advanced Cybersecurity Practices

At Level 2, organizations meet intermediate cyber hygiene requirements to protect Controlled Unclassified Information (CUI) and complete either self or third-party assessments depending on the data they hold.

CMMC Level 2 certification includes 110 practices aligned with NIST SP 800-171, including:

  • Access control and accountability monitoring
  • Cybersecurity training for managers and users
  • Security assessment practices, including configuration settings enforcement
  • Incident response plans and maintenance controls
  • Recovery practices to backup data and risk management practices
  • System and information integrity monitoring for potential attacks or security issues

Level 3: Expert Cybersecurity Practices

CMMC Level 3 requirements and assessment guides are still under development. CMMC Level 3 will add practices, as defined by NIST SP 800-172, that provide for the protection of CUI.

Organizations and Contracts That Require Higher Levels Of Certification

Which CMMC level does your organization need? Pursuing the most appropriate certification level will save your organization time and money.

CMMC Levels 1-3

Most organizations that contract with the DoD require a CMMC certification at Level 1 at a minimum. Level 1 practices represent a foundational baseline and a good entry point to the certification process.

Contractors working with Controlled Unclassified Information (CUI) will need Level 3 implementation and certification at a minimum.

Work With Hartman Executive Advisors To Determine The CMMC Level Requirement For Your Business

Hartman Executive Advisors offers , including establishing evidence collection and resource planning, to help your organization meet its certification needs. Make sure your organization is prepared for CMMC compliance. Contact Hartman today to learn more about cybersecurity best practices and CMMC 2.0.

Filed Under: Cybersecurity
