An Overview of CMMC
The Cybersecurity Maturity Model Certification, also known as CMMC, is a new standard for implementing cyber security controls across the 300,000 companies in the DOD’s supply chain. This framework combines controls and ideas from several NIST, ISO, and AIA frameworks to create a standardized and unified control set and methodology for DOD contractors.
CMMC is based around a maturity model, with different levels of maturity required for different contracts. Certification level needed should be specified in your DOD contract if you are unsure of which to pursue. Maturity levels are as follows:
- Level 1: Performed (Basic Cyber Hygiene)
- Level 2: Documented (Intermediate Cyber Hygiene)
- Level 3: Managed (Good Cyber Hygiene)
- Level 4: Reviewed (Proactive)
- Level 5: Optimizing (Advanced / Progressive)
More information on the maturity levels can be found here.
Getting CMMC Compliant with NuHarbor Security
As your trusted end-to-end security provider, NuHarbor offers a wide range of services and are here to assist you in all stages of the CMMC certification process.
CMMC Readiness Assessment
If you are looking to get a head start on preparing for CMMC compliance, a great place to start is to perform a CMMC Readiness Assessment. NuHarbor will evaluate where you are currently as well as outline what will be required to prepare for the level of CMMC certification that you are pursuing.
CMMC Penetration Testing
Depending on your level of certification, your organization may need to conduct periodic penetration testing and red teaming activities to stay compliant. NuHarbor REDSEC teams have the technical expertise and experience to evaluate network, operating system, and application-level security. These penetration tests go far beyond an automated vulnerability scan that other “penetration testers” offer and the REDSEC team will work with your organization and specific requirements to customize the process to work for you.
CMMC Security Monitoring and MSSP
Looking to meet auditing and logging requirements for CMMC? NuHarbor MSSP services can help fulfill CMMC auditing and logging requirements across every certification level, and the NuHarbor Splunk Services team can onboard clients quickly and around a schedule that is easiest for the client. Looking to implement a robust security auditing and monitoring program for CMMC compliance? Check out our Splunk MSSP and CMMC Certification Support page.
CMMC Development and Documentation of System Security Plans (SSP)
Developing a CMMC System Security Plan can be a daunting task, but NuHarbor is here to guide you through the process. Not sure where to start or just need some advice? Get in contact with us!
End-To-End CMMC Support
Whatever your CMMC requirements are, NuHarbor Security has the end-to-end cybersecurity services to be your trusted partner and help you prepare for certification. Whether you are just getting started or you are close to the finish line NuHarbor is here to support your compliance needs.
by: Jack Danahy
Vice President of Product & Engineering
Follow us on Social Media for more information: