Cybersecurity Maturity Model Certification (CMMC) Readiness Assessment

The Department of Defense (DoD) has put in place the CMMC standard to align stringent cybersecurity processes and practices across the Defense Industrial Base for all defense contractors and subcontractors that handle controlled unclassified information (CUI). As cyber threats continue to evolve, the CMMC framework ensures DoD suppliers have the proper cybersecurity measures in place to protect sensitive information sought after by nation-sponsored attackers and cybercriminals.

Many organizations that do business with the DoD and other government agencies are struggling to meet CMMC requirements. As a registered provider organization, Pondurance is here to help your organization overcome these challenges and guide your way to CMMC readiness.

SCOPE

It's important to understand which level of CMMC your organization requires. The CMMC has five distinct levels of certification to ensure that each defense contractor working with the DoD has the required cybersecurity measures in place to protect sensitive information.

LEVEL 1
Processes: Performed
Practices: Basic cyber hygiene
Any supplier contracting with the DoD will require Level 1 certification.
Required security controls: 35

LEVEL 2
Processes: Documented
Practices: Intermediate cyber hygiene
This is a transitional level to make it easier to obtain CMMC Level 3 certification.
Required security controls: 150

LEVEL 3
Processes: Managed
Practices: Good cyber hygiene
The majority of DoD acquisitions will require CMMC Level 3.
Required security controls: 241

LEVEL 4
Processes: Reviewed
Practices: Proactive
Fewer companies handle sensitive information at this level.
Required security controls: 336

LEVEL 5
Processes: Optimizing
Practices: Advanced/Progressive
Very few companies handle this data.
Required security controls: 370

CMMC READINESS ASSESSMENT

It's important to understand which level of CMMC your organization requires. The CMMC has five distinct levels of certification to ensure that each defense contractor working with the DoD has the required cybersecurity measures in place to protect sensitive information.

1. READINESS ASSESSMENT
Pondurance identifies any deficiencies across all relevant CMMC domains and related processes, capabilities, and practices.

2. RECOMMENDATIONS
Pondurance provides you with recommendations from our skilled registered practitioners, who have years of experience auditing and identifying security gaps.

3. REMEDIATION
As part of the remediation phase, we offer the option of staff augmentation if desired.

4. AUDIT AND CERTIFICATION
Work directly with a Pondurance CMMC third-party assessor organization partner or a third-party assessor of your choice.

5. SECURITY OPTIMIZATION
Ongoing security protection is critical to continually protect CUI. A well-documented plan and 24/7 detection and response can help you maintain your certification.

We also offer Pondurance Managed Detection and Response services, a comprehensive Vulnerability Management Program, and Incident Response (IR). IR is a suite of services that can help you develop a plan of action designed to correct deficiencies and reduce vulnerabilities within your ecosystem.

Contact Pondurance for Your CMMC Assessment Today!

pondurance.com
500 N. Meridian St., Suite 500, Indianapolis, IN 46204

Copyright © 2021 Pondurance
