Red Queen-supported frameworks
FRAMEWORK
CMMC
Cybersecurity Maturity Model Certification
- The Cybersecurity Maturity Model Certification (CMMC) is a unified standard for implementing cybersecurity measures across the defense industrial base (DIB) to protect sensitive information.
- It was developed by the U.S. Department of Defense (DoD) to address varying levels of cybersecurity maturity within the supply chain and enhance overall cyber resilience.

Five Maturity Levels:
- CMMC defines five maturity levels, each representing a progression in an organization's cybersecurity practices and capabilities.
- Levels range from Basic Cyber Hygiene (Level 1) to Advanced/Progressive (Level 5), with increasing requirements for safeguarding sensitive information at higher levels.

Framework Components:
- CMMC is organized into 17 capability domains, covering aspects like access control, incident response, and security training.
- These domains align with established cybersecurity standards, such as NIST SP 800-171, and organizations must demonstrate compliance with the specific practices outlined in these domains.

Certification and Compliance:
- CMMC certification is a prerequisite for contractors and subcontractors participating in DoD contracts, with the certification level determined by the sensitivity of the information they handle.
- Certification assessments are conducted by certified third-party assessment organizations (C3PAOs) to ensure that organizations meet the cybersecurity requirements outlined in the CMMC framework.