CMMC Certification Process
Factors to Consider When Determining Which CMMC Level Aligns With Your Organization’s Business
CUI (Controlled Unclassified Information): Depending on the information you handle, you will need to qualify for at least one of the three (3) certification levels.
- CMMC Level 1 is the minimum requirement for all defense contractors that handle Federal Contract Information (FCI). It establishes best practices for basic cyber hygiene.
- CMMC Level 2 is intended for those companies that store, process, and/or handle Controlled Unclassified Information (CUI).
- CMMC Level 3 is aimed at reducing the danger of Advanced Persistent Threats (APTs). It is intended for companies that collaborate with CUI on the Department of Defense’s highest-priority programs.
Status of existing infrastructure: The degree of cyber maturity exhibited by the organization can also have an impact.
Number of locations: Companies with multiple branches are likely to have different timeline requirements than those with only one facility.
Context: Every environment is different and requires a custom approach.