CMMI Consultant Blog

CMMI Frequently Asked Questions and their responses from CMMI Consultant(s)

What is CMMC? The New Cybersecurity Maturity Model Certification from DOD with Latest Updates



30th November, 2019

What is CMMC?

CMMC (Cybersecurity Maturity Model Certification) is a certification process developed by the DOD (Department of Defense, USA) for its contractors, to ensure that they have systems in place to protect sensitive data, including Federal Contract Information and Controlled Unclassified Information. The CMMC Model is based on the best practices of different cybersecurity standards, i.e. NIST 800 Standards, Federal Regulations, the Defense Federal Acquisition Regulations Supplement (DFARS), the UK’s Cyber Essentials and Australia’s Essential Eight. The previous version of CMMC, 0.4, was released on 30 August 2019. The new draft version 0.6 was released on 7 Nov 2019 with significant changes in the model. This model goes only up to Level 3. CMMC Model Ver. 0.6 contains the following 4 appendices: Appendix A – CMMC Model 0.6, Appendix B – Level 1 description/clarification, Appendix C – Glossary and Appendix D – Acronym List. The final version 1.0 is expected to be released in January 2020.

CMMC Model Framework:

The CMMC model framework has 17 domains at the top, each supported by a number of capabilities under it. Each capability has a number of processes/practices that must be satisfied to achieve compliance (see Picture 1).

CMMC Domains:

The 17 domains defined in the model are as follows:

  1. Access Control
  2. Asset Management
  3. Audit and Accountability
  4. Awareness and Training
  5. Configuration Management
  6. Identification and Authentication
  7. Incident Response
  8. Maintenance
  9. Media Protection
  10. Personnel Security
  11. Physical Security
  12. Recovery
  13. Risk Management
  14. Security Assessment
  15. Situational Awareness
  16. Systems and Communications Protection
  17. System and Information Integrity

CMMC Levels:

The CMMC model is defined with 5 levels for both practices and processes, with Level 1 as the lowest (Basic) and Level 5 as the highest (Optimized). The details of each level are as under:

* Levels 4 and 5 will be included in future versions of the CMMC Model.

Latest Update:

The CMMC Model Version 1.0 will be released in January 2020 with clarifications. Regarding certification under this model, the DOD is currently developing the accreditation process. An RFI on this was issued in previous months. Once the accreditation process is finalized, an RFP for selection of the Accreditation Board will be issued. After that, the Accreditation Board will be selected. Then, the Accreditation Board will select the process for Third Party Accreditation Organization [TPAO]. This is expected to be complete by June 2020. Further details can be obtained from the FAQs on the website of the Office of the Under Secretary of Defense for Acquisition & Sustainment Cybersecurity Maturity Model Certification.

References:

  • Information collected from the Office of the Under Secretary of Defense for Acquisition & Sustainment Cybersecurity Maturity Model Certification and compiled by the author.
  • Further information is available at https://www.acq.osd.mil/cmmc/index.html
  • Copyright Carnegie Mellon University and Johns Hopkins University Applied Physics Laboratory LLC.

Published by CMMI Consultant


Author: Rajendra Khare

