Advertisement
opexxx

Cmmc

May 13th, 2020 (edited)
190
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.25 KB | None | 0 0
  1. The CMMC is a certification procedure developed by the Department of Defense (DoD) to certify contractors have the controls to protect sensitive data including Federal Contract Information and Controlled Unclassified Information (CUI). The CMMC Model is based on the best-practices of different cybersecurity standards including NIST SP 800-171, NIST SP 800-53, ISO 27001, ISO 27032, AIA NAS9933 and others into one cohesive standard for cybersecurity. The Domains have seventeen (17) sections listed below:
  2.  
  3. Access Control
  4. Asset Management
  5. Audit and Accountability
  6. Awareness and Training
  7. Configuration Management
  8. Identification and Authentication
  9. Incident Response
  10. Maintenance
  11. Media Protection
  12. Personnel Security
  13. Physical Security
  14. Recovery
  15. Risk Management
  16. Security Assessment
  17. Situational Awareness
  18. Systems and Communications Protection
  19. System and Information Integrity
  20. The CMMC contains five levels ranging from basic hygiene controls to state-of-the-art controls, but unlike NIST 800-171, the CMMC will not contain a self-assessment component. Every organization that plans to conduct business with the Department of Defense will be required to undergo an audit by an authorized auditing entity before bidding on a contract or subcontracting to a prime.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement