Our cyber security products span from our next gen SIEM used in the most secure government and critical infrastructure environments, to automated cyber risk reporting applications for commercial and government organisations of all sizes.
The Cybersecurity Maturity Model (CMMC) is a US initiative lead by the Office of the Assistant Secretary of Defense for Acquisition within the Department of Defence (DoD). It imposes requirements on DOD contractors and subcontractors to help safeguard information within the US defense supply chain. The CMMC encompasses three maturity levels that range from Foundational, to Advanced, to Expert. The intent is to identify the required CMMC level in RFPs and use as a “go / no go decision” when selecting suppliers.
Huntsman Security solutions provide excellent support for CMMC requirements.
CMMC provides a means of improving the alignment of maturity processes and cyber security practices with the type and sensitivity of information to be protected and the range of threats.
Suppliers looking to achieve CMMC Maturity Level 2 and above need to undertake an audit and obtain certification from a third-party auditor that appropriate maturity in processes and practices is being achieved. Maturity Level 1 is a self-attestation process.
The CMMC framework consists of processes and practices organised into a set of domains that are mapped across three maturity levels. The model is cumulative, which means that in order to achieve a desired maturity level, an organisation must also demonstrate achievement of the preceding lower levels. The 14 domains are summarised here. Full details can be found on the official government site here.
CMMC version 1.0 became available in January 2020. From June 2020, the requirements formed part of the DoD’s Request’s for Information. CMMC version 2.0 reshaped the levels from 5 (in version 1.0) to the 3 it now has (old levels 2 and 4 were seen as transitional stages) and combined/reduced the domains from 17 to 14. This was released in November 2021 and will come into force once the rules and policies supporting it have been published. Note at this time (February 2023) the rule making process has not yet been completed.
If you are a certified auditor or you are looking to implement the framework’s requirements, Huntsman Security’s solution provides excellent coverage. This table shows the number of practices in each domain and Huntsman Security’s coverage of requirements.
In summary, the Huntsman Security solution provides coverage or partial coverage of all 14 domains and supports:
The solution includes coverage of operational controls directly, the monitoring of control operation and assurance (and regular reporting) of control effectiveness.
Download the Compliance Guide to explore how Huntsman Security’s solution supports the certification process and improvement of cyber hygiene.
To find out more about how Huntsman Security solutions can support compliance with CMMC, contact Huntsman Security via the button below.
Read by directors, executives, and security professionals globally, operating in the most complex of security environments.