Resources

decorative arrow

Blog

decorative arrow

4 Steps To Identify Your Current CMMC Level

Compliance

Compliance

Compliance

4 Steps To Identify Your Current CMMC Level

07/2024

5  

min read

Introduction

Navigating the complexities of the Cybersecurity Maturity Model Certification (CMMC) can be daunting for any organization doing business with the Department of Defense (DoD). Whether you are a long-time contractor or trying to get your first DoD contract, understanding your current CMMC level is a crucial part of your compliance journey. This blog outlines the top four easiest ways to assess your current CMMC level. From reviewing your existing contracts to evaluating future business goals, it provides a clear roadmap to help you identify your current position so you can start taking steps towards becoming compliant.

Steps to identifying your current CMMC level

To determine your company’s CMMC level, it’s important to consider your existing contracts, any attestations or questionnaires your company has submitted to customers, the markings of the documents and data your company has received, and future business goals.

01
Search your existing contracts - if your existing contracts have a DFARS clause 252.204-7012 in your contract, you must meet the Level 2 requirements because you’re handling CUI data.
02
Search for questionnaires or cybersecurity attestations – See what you’ve received from customers.
03
Look at the data you receive from your customers - Is any of it marked as CUI or ITAR? CUI data is very often inconsistently labeled across the DoD and prime customers. If you have data or documents marked as CUI, you are almost certain to be CMMC Level 2. ITAR is a form of CUI - if you handle ITAR data, you are likely CMMC Level 2.
04
Evaluate business goals and future contracts - Are you planning on growing your business to do more work that might include these requirements – we work with a lot of small but growing businesses that may not handle these requirements today but will likely go after contracts that do in the next 12-18 months. If this sounds like your company, reference the CMMC timeline section to understand more about the time it takes to be prepare for these requirements.

How to identify your CMMC level?

If you have DFARS 7012, NIST 800-171, or are handling CUI data in your current contract, you are a minimum of CMMC Level 2. If you don’t have these requirements, you are likely CMMC 1.

Are you CMMC level 1?

Identifying if you are CMMC Level 1

Are you CMMC level 2 or 3?

Identifying if you are CMMC Level 2 or 3

Conclusion

Understanding and identifying your current CMMC level is an essential step for any business working with or aspiring to work with the Department of Defense. By following the four steps outlined in this blog—reviewing existing contracts, searching for questionnaires or attestations, examining the data you’ve received, and evaluating your business's future goals—you can determine your CMMC level. If you’re still having trouble identifying your current CMMC level, feel free to schedule a time to talk to one of our cybersecurity experts.

Related Blogs

View all

decorative arrow

Compliance

Compliance

Compliance

What is a System Security Plan for NIST 800-171

10/2024

5 min read

If you do business with the federal government, then you know that you are required to comply with the National Institute of Standards and Technology (NIST) 800-171 standard. This standard outlines the minimum requirements for

Compliance

Compliance

Compliance

Why Should CMMC Compliance Be A Priority?

07/2024

5 min read

Navigating the complexities of the Cybersecurity Maturity Model Certification (CMMC) can be daunting for any organization doing business with the Department of Defense (DoD).

Compliance

Compliance

Compliance

What’s The Difference Between FAR and DFARS? 

07/2024

5 min read

To comply with the Cybersecurity Maturity Model Certification (CMMC), contractors must familiarize themselves with the Federal Acquisition Regulation (FAR) and Defense Federal Acquisition Regulation Supplement (DFARS) terms and conditions

View all

decorative arrow
Logo image

Become Compliant with NIST 800-171, DFARS 7012, and CMMC Requirements

Talk to an Expert

Address:

575 Market St, 415, San Francisco, California 94105, United States

Contact:

415 231 1110
sales@atomuscyber.com

AboutBlogGuides
WebinarsCustomersPrivacy Policy
© 2024 Atomus Corporation. All rights reserved.