Maximize your protection, eliminate business risks.
Optimize and modernize with cloud transformation.
Empower your people to work securely from anywhere.
What it takes to convince leadership that migrating to the cloud is the right move.
Let us handle IT so you can focus on growing your business.
Get multichannel 24/7/365 expert end-user support.
Stay ahead of attacks with 24/7 protection and monitoring.
Maximize uptime with with industry-leading DRaaS.
Improve efficiency, productivity and outcomes with cloud.
Ensure all mobile devices, everywhere, are secure.
Gain a competitive edge with strategic IT solutions.
This battle-tested checklist enables your team to swiftly initiate a ransomware response.
IT for businesses of all sizes, in any industry.
Empower institution growth with custom IT solutions.
Ensure your firm is always in compliance.
Improve patient care and staff morale.
Deal with pressing legal matters, not IT.
Keep up with the evolving digital landscape.
Focus on your mission by outsourcing IT.
Accelerate PE client deals and secure data.
Leverage your technology as a strategic asset.
Execute initiatives and develop IT strategies.
Get the latest industry insights and trends.
Join us at events in person and online.
Hear from clients and learn more about strategic IT.
See how Dataprise can make IT your greatest asset.
Get informative technical resources from IT experts.
Stay on stop of emerging cybersecurity threats.
Discover the key areas of DR your organization needs to address to ensure downtime is minimized.
Gain a strategic asset by bringing harmony to IT.
Ensure 24/7 support and security with dedicated teams.
Drive business forward by partnering with Dataprise.
Meet our one-of-a-kind leadership team.
Discover the recognition Dataprise has earned.
Help us help businesses with strategic IT.
Embracing different perspectives and backgrounds.
Find a Dataprise location near you.
Dataprise is committed to empowering more women to consider a career in technology.
Posts
By: Dataprise
Table of content
CMMC refers to the Cybersecurity Maturity Model Certification, a program created for federal contracts by the Department of Defense (DoD). Designed to protect sensitive information, the requirements have recently been revamped to a 2.0 version. Learn more about what this means for contractors and why it’s so important to get ahead of this certification.
CMMC is meant to assure the DoD that the security controls and protocols of federal contractors are sufficient to keep data, including Controlled Unclassified Information (CUI) and Federal Contract Information (FCI), under the proverbial lock and key. The level an organization needs to meet will depend on its access to sensitive data.
The original CMMC featured five security levels for cyber hygiene:
The last three levels require complete compliance with NIST 800-171 plus additional bespoke practices and processes depending on the organization in question.
CMMC was introduced as an update to the cybersecurity regulations in the Defense Federal Acquisition Regulations Supplement (DFARS). The original rules were published as an interim but required that most defense contractors and subcontractors would be certified by 2025 by a third party. After the Biden Administration conducted a review of the requirements, the government came out with version 2.0.
CMMC 2.0 has simplified the original five levels into three levels. It continues to allow for self-assessment with Level 1 and part of a divided Level 2. All other parties will need third-party certification. Contractors who handle CUI will also need to comply with the Defense Federal Acquisition Regulations Supplement (DFARS), a provision that lays out the general policies of the DoD and the relevant legal requirements for contractors.
CMMC 2.0 was created after Defense Industrial Base (DIB) companies expressed concerns about confusing rules and a corresponding lack of compliance. The certification requirements also posed a threat to small businesses, which led to a reduction in potential contractors for the DoD to choose. For instance, a third-party certification is now no longer needed on Level 1, which may make it easier for leaders to satisfy regulations without impacting operations.
The new levels of CMMC 2.0 are:
Who needs CMMC certification? As you might be able to tell from the description of Level 2, this question still seems up for debate.
If you’re concerned about CMMC compliance, we highly encourage you to get ahead of this requirement. The projected estimate is that CMMC 2.0 will go live anywhere from 9 months to 2 years from now, but there’s no reason to wait until the last minute.
While the new rules are designed to simplify things in theory, the actual dividing lines in terms of levels and self-assessments are anything but straightforward. Plus, even if you are solidly at Level 1, it can be a good idea to have a third party take a look at the efficacy of your security. In other words, getting certified now can be the best move you ever made. Want to know if your DoD cybersecurity program is following all the best practices? Take our cyber hygiene quiz to learn more.
Dataprise offers a full suite of managed cybersecurity and data protection services that allow your business to reach cyber maturity quickly. Our cyber program management incorporates your company’s structure, mission, and goals so that we can align our cyber program to reduce risks and investment impact. With a myriad of the top security certifications, our experienced technicians will ensure your vital data and networks are protected. Our cyber hygiene management program includes a cyber security model assessment, firewall audits, regulatory compliance assessments, automated reporting, and much more. Contact us today to learn more about our cyber program management.
INSIGHTS
Subscribe to our blog to learn about the latest IT trends and technology best practices.