Your organization processes Controlled Unclassified Information (CUI) for the DoD. You are aware of the forthcoming DoD mandate to comply with the CMMC standard.
You understand that an Organization Seeking Certification (OSC), which would be your organization, a member of the DIB that processes CUI, must meet the requirements of CMMC Level 2.
How do you get started? What do you need to do to get ready for a CMMC Level 2 Assessment? The focus of this document is to identify key steps for an OSC to be prepared, to be ready, and to be successful in achieving CMMC Level 2 Certification.
The journey for CMMC readiness for a Level 2 Assessment starts with understanding all of the core requirements and the official documents provided by the DoD.
This document provides assessment guidance for conducting CMMC assessments for Level 2. The CMMC levels and the associated set of practices are cumulative. In order for a DIB contractor to achieve CMMC Level 2 certification, it must demonstrate achievement of all Level 1 and Level 2 practices. A CMMC assessment is the methodology to certify that a contractor is compliant with the CMMC Level 2 standard. Contractors requiring a CMMC Level 2 certification must have a CMMC Level 2 assessment conducted by CMMC Third-Party Assessor Organization (C3PAO) and a CMMC Certified Assessor.
CMMC Levels 1 and 2 consist of the security requirements specified in NIST SP 800-171, Protecting CUI in Nonfederal Systems and Organizations. CMMC Level 1 addresses the protection of Federal Contract Information (FCI) and encompasses the basic safeguarding requirements for FCI specified in Federal Acquisition Regulation (FAR) Clause 52.204-21. CMMC Level 2 addresses the protection of CUI, which has been defined by the National Archives and Record Administration (NARA).
Reviews
There are no reviews yet.