CMMC stands for "Cybersecurity Maturity Model Certification,"and it is a set of guidelines developed by the U.S. Department of Defense (DoD) to help protect sensitive government information and data from cyber threats. CMMC is designed to establish a standardized framework for cybersecurity that defense contractors and other organizations must follow in order to do business with the DoD. CMMC Level is governed by DFARS 252.204-7020 which sets the applicable CMMC level based on the type of information being held or produced.
CMMC Level 1 is the first level of certification in the CMMC framework, and it establishes basic cybersecurity practices and controls that must be in place to protect Federal Contract Information (FCI) from unauthorized access or theft as required by DFARS 252.204-7012. To achieve Level 1 certification, organizations must implement basic cybersecurity practices such as access control, incident response, and system integrity.
In essence, CMMC Level 1 is a starting point for organizations to demonstrate their ability to safeguard sensitive government information, and it is a prerequisite for higher levels of certification in the CMMC framework. Organizations handling CUI will be required to implement the stricter CMMC Level 2 requirements.
At SherTech we provide custom solutions to your business. We will assist in creation of policies and technical security controls to ensure your business is compliant.