CMMC Level 1 is designed to meet the basic safeguards to protect Federal Contract Information (FCI). CMMC Level 1 requires all Defense Contractors to implement a systems security plan that defines and addresses the 17 safeguarding controls described in the DFARS 7012 clause. CMMC Level 1’s universally accepted cybersecurity best practices and processes set the groundwork needed for full Level 2 compliance, specifically for companies that create, house or transmit Controlled Unclassified Information (CUI).
How many controls fall under CMMC Level 1?
CMMC Level 1 includes the 17 safeguarding practices defined in the DFARS 252.204-7012 clause.
What focus falls under CMMC Level 1?
The primary focus of CMMC Level 1 is to ensure cybersecurity efforts are implemented and documented in a Systems Security Plan.
How do I know if I need to be compliant under CMMC Level 1?
If performing nonsensitive work that doesn’t require the handling of CUI, contractors will only need to reach CMMC Level 1 in most circumstances.
What is the difference between CMMC Level 1 and NIST 800-171?
A key difference between CMMC Level 1 and NIST 800-171 is that NIST 800-171 requires the ongoing management of a systems security plan that addresses all 110 controls. CMMC Level 1 only requires the setup and documentation of the 17 basic safeguards to ensure the protection of Federal Contract Information or other non-sensitive Defense data. Certain practices and procedures required in CMMC Level 1 serve to establish the most basic baseline cybersecurity hygiene and create a starting foundation.
Key actions of CMMC Level 1 adoption
Monitor and control access to data and systems
Establish an incident handling process to be able to report incidents to DoD
Detect and analyze security events
Execute vulnerability scans and analyze reports
Provide maintenance to remediate vulnerabilities discovered
Ensure Federal Contract Information is secure and controlled
Document basic security controls and review them annually
Perform an annual risk assessment to self-assess and certify your compliance program
Preparing for a CMMC Level 1 audit starts by taking a hard, thorough look at what cybersecurity measures your business currently performs and whether or not those processes are properly documented. From there, understand what gaps you have — both in terms of practice and documentation — based on what is required for Level 1 certification and begin to remedy those gaps. Once those gaps have been filled and an internal audit performed as a final check, then your business is ready to submit to a third-party auditor.
What processes and practices fall under CMMC Level 1?
Practices that provide for a basic cybersecurity foundation and a systems security plan are the meat of CMMC Level 1. Training personnel on cybersecurity best practices and procedures, creating and maintaining system audit logs, limiting the use of portable storage devices, and tracking access back to individual users to create accountability are some of the controls required in Level 1.
Getting Your Business to CMMC Level 1 and Beyond
Whether CMMC Level 1 is your goal or just a stepping stone onto a higher level of cybersecurity, the experts at Hyper Vigilance are ready to help you prepare for your CMMC audit. Through tailored, time-saving, cost-effective strategies, we’ll create and implement a systems security plan that meets your cybersecurity needs and readies your business for the threats of the modern world. Contact Hyper Vigilance today to get started.
Hyper Vigilance was the right choice to guide us through the cybersecurity process as we attempt to grow the business. They provide excellent service and we continue to look forward to working with the Hyper Vigilance team. We are very grateful for how they simplified the entire process and the efficiency during the transition to a secure platform!
Hyper Vigilance moved us from a negative NIST score to almost full compliance in less than 1 month. The team is experienced, quick, efficient and works to find the best solution to maintain business operations while keeping security at maximum level. Communication and issue resolution are fast. Highly recommended.
We are required to comply with NIST 171 and CMMC to remain competitive for defense contracting, so we sought and received several quotes from reputable companies, and Hyper Vigilance was the top choice. They offered a higher level of assistance compared to others that were more expensive. The professionals at Hyper Vigilance have proved to be very knowledgeable, responsive, professional, and customer focused. The support they provide is very comprehensive and flexible, and they have executed several innovative options/solutions to achieve our goal. Their technical professionals are always on the clock and are very responsive.