Are you a DoD contractor, sub-contractor, or sell products utilized in defense programs? If so, are you ready for CMMC? The Department of Defense has updated and released CMMC Version 1.02, 8 March 2020. All those who supply products to the DoD must comply and be certified under CMMC to win new contracts and for some, to maintain ones already awarded. Fortunately, Phy-Cy.X is here to assist as we offer our consulting, managed services and assessment offerings to tackle this endeavor. Additionally, Phy-Cy.X has applied for certification statuses and will be pursuing Certified Third Party Audit Organizations (C3PAO) certification to conduct future CMMC audits. This ensures, Phy-Cy.X will be the resident expert on the CMMC subject matter for those organizations whom desire compliance assistance! NOTE: CMMC AB does not allow for both support and audit by the same organization. For those organizations Phy-Cy.X provides CMMC consulting and management services, we will find the best audit organization for your desired level of certification.

Certification levels (1-5)

Level 1 only requires practice (technical) activities, while certification Levels 2 -5 contain both practice and process (documentation) requirements. In total there are 17 domains covering down on 17 line items for Level 1 up to 173 line items for Level 5.

Level 1 – Focuses on basic cyber hygiene as specified within 48 CFR 52.204-21. No process requirement.

Level 2 – Focuses on intermediate cyber hygiene. Standard operating procedures, policies and plans are established.

Level 3 – Focuses on good cyber hygiene that meets NIST SP 800-171 Rev 1. Review of adherence to policy and procedures and adequate resources.

Level 4 – Substantial and proactive cybersecurity program. Review for effectiveness and informs management of issues.

Level 5 – Ability to optimize capabilities to repel advanced persistent threats (APT). Standardization across all organizational units and improvements shared.