Basic Cybersecurity Hygiene
Requires that an organization performs and adheres to 17 cybersecurity requirements
What is CMMC?
The Cybersecurity Maturity Model Certification is a new unified standard for implementing cybersecurity across the defense industrial base (DIB). The CMMC is the Department of Defense’s (DoD) response to significant compromises of sensitive data located within their supply chain, which consists of over 300,000 companies.
There are 5 different maturity levels of the Cyber Security Maturity Model, ranging from the minimum level of security with 17 requirements, and the highest level of maturity with over 170 requirements. An organization will be eligible for various contracts based on its maturity level.
For example, most contracts that don’t have Controlled Unclassified Information will most likely only need a level 1 maturity certification. The higher the level of compliance with CMMC, the more contracts an organization is eligible to bid and win. Although proof of compliance with CMMC is not needed at the time of the bid, it will be needed to formally accept the contract.
Registered Provider Organization
A Registered Provider Organization and their Registered Practitioners offer advice, consulting, and recommendations to their clients in regards to the CMMC ecosystem. The goal of an RPO is to help companies within the DoD supply chain determine what maturity level they must acquire and guide them through the process through to certification.
To be an authorized CMMC RPO, an organization must pass an organizational background check and have at least one Registered Practitioner must be associated with the RPO at all times.
A common misconception is that an RPO and its Registered Practitioners conduct the CMMC audits, but this is not the case. Registered Provider Organizations and Registered Practitioners prepare an organization for the official CMMC audit that is performed by a Certified Third-Party Assessor Organization (C3PAO) and Certified CMMC Assessors.
Registered Practitioners
