Defense Industry, Protect Confidential Information

The CMMC is a collection of standards and practices to protect the confidential information of clients and the business. Utilization it makes it easier for you to communicate your needs to product and service providers as well as share and learn effective practices with others.

Created originally to support the Defense Industry, including supply chain members, it has great value for all businesses. 

America’s SBDC has adopted the  CMMC (Cybersecurity Maturity Model Certification) as the North Star to guide small businesses on the journey of cybersecurity and data breach protection activities. It was created by the Department of Defense. See private sector and defense applications below.

Basic

 Cyber Hygiene

Processes: Performed

Your organization performs the specified practices. Because you may be able to perform these practices only in an ad-hoc manner and may or may not rely on documentation.

 

Intermediate

 Cyber Hygiene

Processes: Documented

Your organization establishes and documents practices and policies to guide the implementation. The documentation of practices enables individuals to perform them in a repeatable manner. You develop mature capabilities by documenting their processes and practicing them as documented.

MORE COMING SOON

Good

Cyber Hygiene

Processes: Managed

Your organization establishes, maintains and resource a plan demonstrating the management of activities for practice implementation. The plan may include information on missions, goals, project plans, resourcing, required training, and involvement of relevant stakeholders.

MORE COMING SOON

CMMC
Level 4

Reviewed

Processes: Proactive

Level 4 requires that an organization review and measure practices for effectiveness. In addition, organizations at this level are able to take corrective action when necessary and inform higher level management of status or issues on a recurring basis.

CMMC
Level 5

Advanced/Proactive

Processes: Optimizing

Level 5 requires an organization to standardize and optimize process implementation across the organization.

Private Sector

The CMMC is intended to serve as a verification mechanism to ensure appropriate levels of cybersecurity practices and processes are in place to ensure basic cyber hygiene as well as protect confidential information (CI) that resides on with the business. Some may belong to business partners, clients, or others.

Defense Industrial Base

The CMMC is intended to serve as a verification mechanism to ensure appropriate levels of cybersecurity practices and processes are in place to ensure basic cyber hygiene as well as protect controlled unclassified information (CUI) that resides on the Department’s industry partners’ networks. The term CUI is defined by the National Archives here.

Americas SBDC is utilizing the CMMC as our North Star. This gives businesses purpose, “to protect confidential information”, of their own, employees, partners, and clients who entrust them with confidential and private information.  it also provides milestones and ability to share good practices with others, including sector specific good practices against unique threats.

More coming very soon

Questions?

Contact us at: cmmc@americassbdc.org or call 202-839-5563

America’s SBDC is the association that represents America’s nationwide network of Small Business Development Centers (SBDCs).

Contact your local SBDC for no-cost business consulting and low-cost business training.

© 2020 America’s SBDC