CMMC Level 5 builds upon CMMC Levels 1 thru 4 by adding 15 practices and one additional process. Level 5 focuses on the protection of CUI and goes farther than Level 4 in reducing the risk of Advanced Persistent Threats.
The additional practices increase the depth and sophistication of a contractor’s cybersecurity capabilities.
The additional process is the optimization of your cybersecurity program. In other words, there is a standardized, documented approach to your cybersecurity program across the entire organization and each employee understands their role in the cybersecurity program and their responsibility for continuous improvement.
- Contractors that are required to be compliant with CMMC Level 5 will need to engage an expert cybersecurity consultant to assist with compliance.
Note: An advanced persistent threat is a stealthy threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state sponsored groups conducting large-scale targeted intrusions for specific goals.