Level 4
CMMC Level 4 builds on CMMC Levels 1 thru 3 by adding 26 additional practices and one additional process.
CMMC Level 4 provides measures to safeguard CUI and reduce the risk of Advanced Persistent Threats. The additional 26 practices enhance the detection and response capabilities of an organization to address and adapt to the changing tactics, techniques and procedures used by our adversaries.
The process requires that contractors measure their effectiveness against the cybersecurity plan (collect and analyze metrics) and share the information with upper-level management.
It is estimated that less than 1% of the Defense Industrial Base will be required to be compliant with CMMC Level 4 requirements.
Recommendation
- Contractors that are required to be compliant with CMMC Level 4 will need to engage an expert cybersecurity consultant to assist with compliance.
Note: An advanced persistent threat is a stealthy threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state sponsored groups conducting large-scale targeted intrusions for specific goals.
CONTACT US
Main Point of Contact:
Laura Rodgers
Director of Cybersecurity Practice
Secure Computing Institute
EB II, 2240B
NC State University
ldrodger@ncsu.edu(o) 919-515-5063(c) 828-734-0053-
How to best utilize CyberNC.us: The CyberNC.us website was created to provide North Carolina companies with one location to find all the information they need to develop a cybersecurity compliance program that is compliant with Department of Defense regulations.
The most effective way to utilize the website is to follow the steps below:
- Understand the regulations. Click on the Cybersecurity Regulations tab and review the information about each of the regulations.
- Understand the data. Click on the FCI/CUI tab for detailed information about Federal Contract Information and Controlled Unclassified Information, then review the Cybersecurity Overview presentation.
- The information on the Where to Start tab will help businesses determine which regulation with which they must comply, as well as the level of compliance that is required.
- The DFARS tab contains information about compliance with DFARS 252.204-7012 and the new DFARS Interim Rule.
- The CMMC tab contains information about CMMC 2.0 and includes FAQs and resources.
- The Training tab provides information about resources businesses can use to train their employees.
- The Partners tab contains links to the websites of the I3C partner agencies.
-
The NCMBC and the I3C are not representatives of the DoD or the CMMC Accreditation body. This website is meant to be a community resource for cybersecurity compliance information.
Copyright 2020, North Carolina Military Business Center. All Rights Reserved.
