Cybersecurity Maturity Model Certification (CMMC) is a set of cybersecurity standards that organizations can use to measure and improve the security of their information systems. The United States Department of Defense (DoD) developed this certification as a preventive measure against increasing cyberattacks on government contractors and their supply chains.
At BTI, our mission as a certified assessment provider (C3PAO), training provider (LTP), and implementation expert is to help your organization achieve your required CMMC level.
Select Your Step in the User Journey
We provide several services based on where you’re at in the certification process. Where do you want to start?
I’m interested in CMMC advisory services: If you are starting your journey, we can offer guidance for which steps you should take.
I want CMMC training: When you need to take steps to achieve certification, our team can help you understand what’s necessary for full compliance and learn how to take the necessary steps to achieve this goal.
I’m ready for my CMMC assessment: Once you are ready to begin, we’ll assess areas like your company’s cybersecurity procedures, technical controls, policies, and documentation to see how prepared you are for potential breaches.
CMMC services are designed to help your company protect sensitive data and comply with the Cybersecurity Maturity Model Certification. This certification will prove that you have implemented a robust cybersecurity program capable of protecting sensitive information and allow you to work with the DoD, as CMMC for DoD contractors is a government requirement.
These services include:
- Assessment and gap analysis: Our team will conduct a thorough assessment of your organization’s current cybersecurity practices and find the gaps between your existing framework and the CMMC requirements. NIST 800-171 results are reportable now in PIEE, and CMMC results as required by specific contract.
- Policy and procedure development: We can help your company develop and implement a comprehensive cybersecurity infrastructure.
- Technical implementation: Our experts will assist you in configuring your systems and controls in accordance with policy to comply with NIST 800-171 and CMMC Level 1 or 2.
Level 1 (Foundational)
Basic Cybersecurity Practices
Level 1 is the lowest level of security controls a government contractor must have in place to earn a Cybersecurity Maturity Model Certification. All DIB contractors and subcontractors require at least CMMC Level 1 compliance to do business with the DoD. Level 1 demonstrates that an organization has the basic security controls in place to adequately protect FCI, which is not intended for public release. Level 1 has 17 practices that qualified government contractors should meet.
Level 2 (Advanced)
Intermediate Cybersecurity Practices
Level 2 is the transitional phase between basic security measures to protect FCI and the measures required for sound protection of CUI. This is the bridge between baseline requirements and the authorization to handle sensitive data. Reaching this level indicates that a contractor is working towards good cyber hygiene while continuing to establish the processes needed to protect CUI. To obtain this level, contractors must demonstrate they have 72 specific security practices in place.
Level 3 (Expert)
Advanced Cybersecurity Practices
Organizations that have reached CMMC Level 3 should already have the basic security controls in place needed to protect sensitive data. Level 3 requires that an organization establish, maintain, and resource a plan demonstrating the management of activities for practice implementation. The plan may include information for missions, goals, project plans, resources, required training, and involvement of relevant stakeholders. Building on the security requirements of Levels 1 and 2, obtaining Level 3 indicates a contractor has put 130 cybersecurity requirements in place.
CMMC Model Overview
CMMC impacts organizations that work with the DoD and must protect sensitive information that is critical to national security. These companies must meet specific CMMC certification levels before they bid on contracts.
CMMC certification can also benefit your company even if you’re not in the DoD supply chain. This comprehensive framework for assessing and improving cybersecurity maturity sets your business up with advanced protection from online threats. You’ll also prove to your customers and stakeholders that your company takes cybersecurity seriously.