CMMC Implementation Services
NHMEP provides Levels 1 and 2 of CMMC Implementation to New Hampshire manufacturers who are DoD suppliers or sub-contractors. We begin by working with your IT management on a gap analysis of your current cybersecurity strategies to discover strengths, weaknesses and the best solution to bring your company into CMMC compliance.
What is CMMC?
CMMC Version 2.0 was released in late 2021 and serves as a unified cybersecurity standard for future Department of Defense (DoD) acquisitions. CMMC 2.0 has simplified the prior CMMC v1.0 requirements by establishing three increasingly progressive levels – Foundational, Advanced and Expert – and aligns the requirements at each level with NIST 800-171 cybersecurity standards.
In the bidding process for DoD contracts, CMMC will ensure a fairer process by outlining required levels based on your company’s business requirements. It establishes best practices by defining and structuring the actions a company must take to prove that it has incorporated these practices.
The CMMC Framework
CMMC v2.0 organizes processes and cybersecurity best practices into a set of 14 domains. Each of the domains contains one or more practices spanning the three levels.
The 14 Domains
Each domain is comprised of processes and capabilities across the five levels. The domains include:
- Access Control (AC)
- Awareness and Training (AT)
- Audit and Accountability (AU)
- Configuration Management (CM)
- Identification and Authentication (IA)
- Incident Response (IR)
- Maintenance (MA)
- Media Protection (MP)
- Personnel Security (PA)
- Physical Protection (PE)
- Risk Management (RM)
- Security Assessment (CA)
- System and Communication Protection (SC)
- System and Information Integrity (SI)
Level 1: Foundational
Level 1 is equivalent to the 17 practices in Federal Acquisition Regulation (FAR) Clause 52.204-21 (48 CFR 52.204-21), which is intended to ensure basic safeguarding of federal contract information (FCI).
Level 2: Advanced
Level 2 is equivalent to the practices in NIST SP 800-171, which includes the 17 Level 1 practices. A total of 110 practices must be implemented at this level for organizations to demonstrate compliance with the advanced cybersecurity requirements to protect controlled unclassified information (CUI).
To get started with a gap analysis for CMMC Implementation or to learn more, please contact NH MEP:
“Working with the Partnership was a cost-effective way to remain ahead of implementation timelines to achieve compliance with NIST 800-171. Their administrative and technical assistance provided a rich contextual understanding of controlled information and information systems, and guided our company’s policy approach to information exchange governance. We are now better prepared to meet current and emerging information security obligations for all of our clients.”
The National Institute of Standards and Technology (NIST) Labs have developed a Behavioral Anomaly Detection cyber solution for manufacturers.
Use it to preempt cyberattacks, rather than dealing with the consequences.
View and download the PDF Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection.