Foundational Security For Any Business

Cybersecurity Maturity Model Certification: Level 1

Prepare Your Business Today!

Get A Free Cyber Security Consultation

The Best Starting Point

Foundational Security for Defense Contractors

Cybersecurity Maturity Model Certification Level 1 (CMMC Level 1) is the starting point for cyber security practices for any company that wants to do work for the Department of Defense and handle Federal Contract Information (FCI).

Put simply, FCI is sensitive information related to providing the federal government your goods and services that you want to keep protected from cyber threats of various types.

Protecting Sensitive Information

Cyber Security for Businesses of All Types and Sizes

But the usefulness of CMMC Level 1 is not limited to federal contractors and FCI. Businesses of all types, sizes, and target markets can benefit from the 17 foundational cyber security controls found in CMMC Level 1, which come from NIST 800-171.

Whether it's Federal Contract Information or sensitive information about your customers or personnel, you need a solid foundation of cyber security practices to protect it. A CMMC Level 1 Certification is the best place to start.

Level 1 Practice Areas

What Does CMMC Level 1 Do?

The 17 cyber security practices fall into 6 different practice areas to protect your organization against a wide range of threats.

Access Control

Who can access what and from where

Identification & Authentication

Who is who, and are they who they say they are

Media Protection

Keep your data safe from creation to storage to disposal

Physical Protection

Keep your infrastructure protected against real world threats

System & Communication Protection

Keep your network protected against both internal and external threats

System & Information Integrity

Protect your sensitive data against ransomware and malware

What Are the 17 Cyber Security Controls?

(AC) Access Control
  • 3.1.1 – Authorized Access Control: Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems).
  • 3.1.2 – Transaction & Function Control: Limit information system access to the types of transactions and functions that authorized users are permitted to execute.
  • 3.1.20 – External Connections: Verify and control/limit connections to and use of external information systems.
  • 3.1.22 – Control Public Information: Control information posted or processed on publicly accessible information systems.
(IA) Identification and Authentication
  • 3.5.1 – Identification: Identify information system users, processes acting on behalf of users, or devices.
  • 3.5.2 – Authentication: Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems.
(MP) Media Protection
  • 3.8.3 – Media Disposal: Sanitize or destroy information system media containing Federal Contract Information before disposal or release for reuse.
(PE) Physical Protection
  • 3.10.1 – Limit Physical Access: Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals.
  • 3.10.3 – Escort Visitors: Escort visitors and monitor visitor activity.
  • 3.10.4 – Physical Access Logs: Maintain audit logs of physical access.
  • 3.10.5 – Manage Physical Access: Control and manage physical access devices.
(SC) System and Communications Protection
  • 3.13.1 – Boundary Protection: Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems.
  • 3.13.5 – Public Access System Separation: Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.
(SI) System and Information Integrity
  • 3.14.1 – Flaw Remediation: Identify, report, and correct information and information system flaws in a timely manner.
  • 3.14.2 – Malicious Code Protection: Provide protection from malicious code at appropriate locations within organizational information systems.
  • 3.14.4 – Update Malicious Code Protection: Update malicious code protection mechanisms when new releases are available.
  • 3.14.5 – System & File Scanning: Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed.

Our Process

Professionalism Backed by Experience

Step 1: Gap Analysis

First, we will do a full analysis of your organization’s network and facility to identify what you are already doing and what you need to be doing. This includes identifying assets that fall within the scope of what needs to be protected to keep your sensitive information safe against cyber attack.

Step 2: Recommendations and Planning

After identifying what you are already doing in terms of cyber security, we will make recommendations on technologies and system settings needed to achieve CMMC Level 1 Certification. Additionally, we will help develop organizational policies to make maintaining your cyber security a part of your business process.

And because cost is always an issue for businesses both big and small, our recommendations will be geared to be cost effective and deliver real value to your organization’s internal and external stakeholders.

Step 3: CMMC Level 1 Certification

After all the gaps have been filled and new policies have been put in place, we will provide you with all the necessary documentation that certifies your organization as CMMC Level 1 Certified. This will include a full report that describes the scope of the protected assets and how the steps that you are now taking as an organization satisfy all 17 cyber security controls.

Protect Your Organization

Foundational Cyber Security Is Easier with SR2 Solutions

SR2 Solutions makes the process of adopting good cyber security practices easier for companies of all types. Whether you need to protect Federal Contract Information or sensitive information about your non-federal contracts, we have the experience and the tools to make it easy for you.

With cost-effective recommendations and personalized services that are customized to your business, SR2 Solutions will make cyber security an added value to you and your customers.

Cyber AB - CMMC Certification - Registered Practitioner

NIST Cybersecurity Framework Professional Practitioner

Get In Touch

+1 409 234 4242