What is CMMC?

The Cybersecurity Maturity Model Certification (CMMC) is a US initiative led by the Office of the Assistant Secretary of Defense for Acquisition within the Department of Defense (DoD). It imposes requirements on DoD contractors and subcontractors to help safeguard information within the US defense supply chain. The CMMC encompasses three maturity levels that range from Foundational, to Advanced, to Expert. The intent is to identify the required CMMC level in RFPs and use it as a “go / no go decision” when selecting suppliers.

Huntsman Security solutions provide excellent support for CMMC requirements.

A summary of CMMC requirements

CMMC provides a means of improving the alignment of maturity processes and cyber security practices with the type and sensitivity of information to be protected and the range of threats.

Suppliers looking to achieve CMMC Maturity Level 2 and above need to undertake an audit and obtain certification from a third-party auditor that appropriate maturity in processes and practices is being achieved. Maturity Level 1 is a self-attestation process.

CMMC Maturity Levels

The CMMC framework consists of processes and practices organised into a set of domains that are mapped across three maturity levels. The model is cumulative, which means that in order to achieve a desired maturity level, an organisation must also demonstrate achievement of the preceding lower levels. The 14 domains are summarised here. Full details can be found on the official government site here.

CMMC Domains Overview

When do suppliers need to comply?

CMMC version 1.0 became available in January 2020. From June 2020, the requirements formed part of the DoD’s Requests for Information. CMMC version 2.0 reshaped the levels from 5 (in version 1.0) to the 3 it now has (old levels 2 and 4 were seen as transitional stages) and combined/reduced the domains from 17 to 14. This was released in November 2021 and will come into force once the rules and policies supporting it have been published. Note that at this time (February 2023) the rule-making process has not yet been completed.

How Huntsman Security meets CMMC requirements

If you are a certified auditor or you are looking to implement the framework’s requirements, Huntsman Security’s solution provides excellent coverage. This table shows the number of practices in each domain and Huntsman Security’s coverage of requirements.

In summary, the Huntsman Security solution provides coverage or partial coverage of all 14 domains and supports:

  • 15/17 of level 1 practices (88%)
  • 77/93 of level 2 practices (83%)
  • Overall, 92/110 practices (84%)

The solution includes coverage of operational controls directly, the monitoring of control operation and assurance (and regular reporting) of control effectiveness.

Huntsman Security’s coverage of CMMC Domains

Mapping to the requirements

Download the Compliance Guide to explore how Huntsman Security’s solution supports the certification process and improvement of cyber hygiene.

Find out more

To find out more about how Huntsman Security solutions can support compliance with CMMC, contact Huntsman Security via the button below.
