CMMC Level 3 Requirements

An organization assessed at CMMC Level 3 will have demonstrated good cyber hygiene and effective implementation of controls that meet the security requirements of NIST SP 800-171 Rev 1 as well as additional practices from other standards and references to mitigate threats.

CMMC Level 3 indicates a basic ability to protect and sustain an organization’s assets and CUI; however, at CMMC Level 3, organizations will have challenges defending against advanced persistent threats (APTs).

For process maturity, a CMMC Level 3 organization is expected to adequately resource activities and review adherence to policy and procedures, demonstrating management of practice implementation.

The new CMMC is a complicated model that will require DoD contractors to review, assess, and make necessary changes to cybersecurity controls to bid on future DoD contracts. The best place to start is a CMMC readiness assessment which will review your current infrastructure and identify the changes which need to be made.

MEET YOUR TEAM LEADER



Neena Shukla, CPA, CFE, CGMA, FCPA, CTP

Partner, Government Contracting Team Leader