What You Should Know About the Basics of CMMC 2.0 Level 1

Introduction

The Cybersecurity Maturity Model Certification (CMMC) is a standard developed by the United States Department of Defense (DoD) to ensure that companies that work with the government have adequate cybersecurity measures in place. The CMMC model has five levels of certification, with Level 1 being the most basic. In this article, we will discuss the basics of CMMC Level 1 and what you need to know to achieve compliance.

What is CMMC Level 1?

CMMC Level 1 is the most basic level of certification in the CMMC model. It is designed for companies that only need access to Federal Contract Information (FCI). FCI is unclassified information that is provided by the government to a contractor for the purpose of performing a federal contract. CMMC Level 1 requires the implementation of 17 basic cybersecurity practices. These practices are based on the requirements of the National Institute of Standards and Technology (NIST) Special Publication 800-171.

What are the 17 basic cybersecurity practices?

The 17 basic cybersecurity practices are as follows:

  1. Access Control
  2. Awareness and Training
  3. Audit and Accountability
  4. Configuration Management
  5. Identification and Authentication
  6. Incident Response
  7. Maintenance
  8. Media Protection
  9. Personnel Security
  10. Physical Protection
  11. Risk Assessment
  12. Security Assessment
  13. Situational Awareness
  14. System and Communications Protection
  15. System and Information Integrity
  16. Incident Response
  17. Recovery

How do you achieve compliance with CMMC Level 1?

To achieve compliance with CMMC Level 1, companies must implement the 17 basic cybersecurity practices mentioned above. The following are the steps that companies can take to achieve compliance:

  1. Identify the scope of the system that requires compliance with CMMC Level 1.
  2. Perform a self-assessment to determine the company's compliance with the 17 basic cybersecurity practices.
  3. Identify any gaps and deficiencies and develop a plan to address them.
  4. Implement the plan and ensure that all 17 basic cybersecurity practices are in place.
  5. Obtain a third-party assessment to verify compliance with CMMC Level 1.
  6. Upload the assessment results to the DoD's Supplier Performance Risk System (SPRS).

Conclusion

CMMC Level 1 is the most basic level of certification in the CMMC model. It is designed for companies that only need access to Federal Contract Information (FCI). Compliance with CMMC Level 1 requires the implementation of 17 basic cybersecurity practices. Companies can achieve compliance by identifying the scope of the system that requires compliance, performing a self-assessment, identifying any gaps and deficiencies, developing a plan to address them, implementing the plan, obtaining a third-party assessment, and uploading the assessment results to the DoD's SPRS.

Ways We Can Help You

Contact us to receive assistance in navigating cybersecurity risks and information compliance for your company. Here are some additional ways we can help:

  • Schedule a free discovery session with us during which we can learn about your company, answer your questions, and assist you in determining if Cleared Systems is the right fit for you.

  • Register for our upcoming cybersecurity and information compliance training.

  • Purchase our books on CMMC 2.0, CUI, Data Breaches, and ITAR.

  • Join our weekly free webinar sessions to ask questions and learn about the latest developments in cybersecurity and information compliance.

Author Profile

Carl B. Johnson, President of Cleared Systems, is a highly experienced ITAR, CMMC 2.0, Microsoft GCC High, and Microsoft DLP/AIP consultant. With over twenty years of experience in information assurance, cybersecurity, policy development, risk management, and regulatory compliance, he brings a wealth of knowledge and expertise to his clients.
