Securing Controlled Unclassified Information

SECURING CONTROLLED UNCLASSIFIED INFORMATION

All organizations that process, store, or transmit CUI will need to undergo Cybersecurity Maturity Model Certification (CMCC) in order to validate their cybersecurity practices and prove protection for controlled unclassified information.

Different levels of the CMMC security requirements and levels include more advanced practices to reduce cybersecurity risk as more CUI is present or the further up the DoD supply chain the contractor goes, denoting a higher certification level requirement.

Leading DoD contractors are choosing CyberStrong to protect and secure controlled unclassified information and to prepare for the Cybersecurity Maturity Model Certification (CMMC).

CMMC Certification Levels

The requirements for CMMC certification depend on the level of certification.

Here is a short explanation of the certification levels, with each level building upon the previous level’s requirement. For example, to complete Level 2, you will need to have completed all the requirements of Level 1 plus additional requirements.

Level 1:	Basic Cyber Hygiene	DoD service providers who prefer to pass an examination at this level should execute 7 controls of NIST 800-171 rev1.
Level 2:	Good Cyber Hygiene	To accomplish level 3 certification, the last 45 controls of NIST 800-171 Rev1 and 13 new "Other" controls need to be carried out.
Level 3:	Good Cyber Hygiene	To accomplish level 3 certification, the last 45 controls of NIST 800-171 Rev1 and 13 new "Other" controls need to be carried out.
Level 4:	Proactive Cybersecurity	Along with controls from levels 1 through 3, 11 additional controls of NIST 800-171 Rev2 plus 15 new "Other" controls are required.
Level 4:	Advanced/ Progressive Cybersecurity	For the maximum level, DoD specialists must carry out the last four controls in NIST 800-171 Rev2 together with 11 new "Other" controls.