top of page

Red Queen-supported frameworks



Cybersecurity Maturity Model Certification

  • The Cybersecurity Maturity Model Certification (CMMC) is a unified standard for implementing cybersecurity measures across the defense industrial base (DIB) to protect sensitive information.

  • It was developed by the U.S. Department of Defense (DoD) to address varying levels of cybersecurity maturity within the supply chain and enhance overall cyber resilience.

  • Five Maturity Levels:

  • CMMC defines five maturity levels, each representing a progression in an organization's cybersecurity practices and capabilities.

  • Levels range from Basic Cyber Hygiene (Level 1) to Advanced/Progressive (Level 5), with increasing requirements for safeguarding sensitive information at higher levels.

  • Framework Components:

  • CMMC is organized into 17 capability domains, covering aspects like access control, incident response, and security training.

  • These domains align with established cybersecurity standards, such as NIST SP 800-171, and organizations must demonstrate compliance with the specific practices outlined in these domains.

  • Certification and Compliance:

  • CMMC certification is a prerequisite for contractors and subcontractors participating in DoD contracts, with the certification level determined by the sensitivity of the information they handle.

  • Certification assessments are conducted by certified third-party assessment organizations (C3PAOs) to ensure that organizations meet the cybersecurity requirements outlined in the CMMC framework.

Here is how we do it:

bottom of page