Foundational Security For Any Business
Cybersecurity Maturity Model Certification: Level 1
Prepare Your Business Today!
The Best Starting Point
Foundational Security for Defense Contractors
Cybersecurity Maturity Model Certification Level 1 (CMMC Level 1) is the starting point for cyber security practices for any company that wants to do work for the Department of Defense and handle Federal Contract Information (FCI).
Put simply, FCI is sensitive information related to providing the federal government your goods and services that you want to keep protected from cyber threats of various types.
Protecting Sensitive Information
Cyber Security for Businesses of All Types and Sizes
Whether it's Federal Contract Information or sensitive information about your customers or personnel, you need a solid foundation of cyber security practices to protect it. A CMMC Level 1 Certification is the best place to start.
Level 1 Practice Areas
What Does CMMC Level 1 Do?
The 17 cyber security practices fall into 6 different practice areas to protect your organization against a wide range of threats.
Access Control
Who can access what and from where
Identification & Authentication
Who is who, and are they who they say they are
Media Protection
Keep your data safe from creation to storage to disposal
Physical Protection
Keep your infrastructure protected against real-world threats
System & Communication Protection
Keep your network protected against both internal and external threats
System & Information Integrity
Protect your sensitive data against ransomware and malware
What Are the 17 Cyber Security Controls?
(AC) Access Control
- 3.1.1 – Authorized Access Control: Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems).
- 3.1.2 – Transaction & Function Control: Limit information system access to the types of transactions and functions that authorized users are permitted to execute.
- 3.1.20 – External Connections: Verify and control/limit connections to and use of external information systems.
- 3.1.22 – Control Public Information: Control information posted or processed on publicly accessible information systems.
(IA) Identification and Authentication
- 3.5.1 – Identification: Identify information system users, processes acting on behalf of users, or devices.
- 3.5.2 – Authentication: Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems.
(MP) Media Protection
- 3.8.3 – Media Disposal: Sanitize or destroy information system media containing Federal Contract Information before disposal or release for reuse.
(PE) Physical Protection
- 3.10.1 – Limit Physical Access: Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals.
- 3.10.3 – Escort Visitors: Escort visitors and monitor visitor activity.
- 3.10.4 – Physical Access Logs: Maintain audit logs of physical access.
- 3.10.5 – Manage Physical Access: Control and manage physical access devices.
(SC) System and Communications Protection
- 3.13.1 – Boundary Protection: Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems.
- 3.13.5 – Public Access System Separation: Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.
(SI) System and Information Integrity
- 3.14.1 – Flaw Remediation: Identify, report, and correct information and information system flaws in a timely manner.
- 3.14.2 – Malicious Code Protection: Provide protection from malicious code at appropriate locations within organizational information systems.
- 3.14.4 – Update Malicious Code Protection: Update malicious code protection mechanisms when new releases are available.
- 3.14.5 – System & File Scanning: Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed.
Professionalism Backed by Experience
Step 1: Gap Analysis
First, we will do a full analysis of your organization’s network and facility to identify what you are already doing and what you need to be doing. This includes identifying assets that fall within the scope of what needs to be protected to keep your sensitive information safe against cyber attack.
Step 2: Recommendations and Planning
After identifying what you are already doing in terms of cyber security, we will make recommendations on technologies and system settings needed to achieve CMMC Level 1 Certification. Additionally, we will help develop organizational policies to make maintaining your cyber security a part of your business process.
And because cost is always an issue for businesses both big and small, our recommendations will be geared to be cost effective and deliver real value to your organization’s internal and external stakeholders.
Step 3: CMMC Level 1 Certification
After all the gaps have been filled and new policies have been put in place, we will provide you with all the necessary documentation that certifies your organization as CMMC Level 1 Certified. This will include a full report that describes the scope of the protected assets and how the steps that you are now taking as an organization satisfy all 17 cyber security controls.
Protect Your Organization
Foundational Cyber Security Is Easier with SR2 Solutions
SR2 Solutions makes the process of adopting good cyber security practices easier for companies of all types. Whether you need to protect Federal Contract Information or sensitive information about your non-federal contracts, we have the experience and the tools to make it easy for you.
With cost-effective recommendations and personalized services that are customized to your business, SR2 Solutions will make cyber security an added value to you and your customers.