Level 5
CMMC Level 5 builds upon CMMC Levels 1 thru 4 by adding 15 practices and one additional process. Level 5 focuses on the protection of CUI and goes farther than Level 4 in reducing the risk of Advanced Persistent Threats.
The additional practices increase the depth and sophistication of a contractor’s cybersecurity capabilities.
The additional process is the optimization of your cybersecurity program. In other words, there is a standardized, documented approach to your cybersecurity program across the entire organization and each employee understands their role in the cybersecurity program and their responsibility for continuous improvement.
Recommendation
- Contractors that are required to be compliant with CMMC Level 5 will need to engage an expert cybersecurity consultant to assist with compliance.
Note: An advanced persistent threat is a stealthy threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state sponsored groups conducting large-scale targeted intrusions for specific goals.
CONTACT US
Main Point of Contact:
Laura Rodgers
Director of Cybersecurity Practice
Secure Computing Institute
EB II, 2240B
NC State University
ldrodger@ncsu.edu(o) 919-515-5063(c) 828-734-0053-
How to best utilize CyberNC.us: The CyberNC.us website was created to provide North Carolina companies with one location to find all the information they need to develop a cybersecurity compliance program that is compliant with Department of Defense regulations.
The most effective way to utilize the website is to follow the steps below:
- Understand the regulations. Click on the Cybersecurity Regulations tab and review the information about each of the regulations.
- Understand the data. Click on the FCI/CUI tab for detailed information about Federal Contract Information and Controlled Unclassified Information, then review the Cybersecurity Overview presentation.
- The information on the Where to Start tab will help businesses determine which regulation with which they must comply, as well as the level of compliance that is required.
- The DFARS tab contains information about compliance with DFARS 252.204-7012 and the new DFARS Interim Rule.
- The CMMC tab contains information about CMMC 2.0 and includes FAQs and resources.
- The Training tab provides information about resources businesses can use to train their employees.
- The Partners tab contains links to the websites of the I3C partner agencies.
-
The NCMBC and the I3C are not representatives of the DoD or the CMMC Accreditation body. This website is meant to be a community resource for cybersecurity compliance information.
Copyright 2020, North Carolina Military Business Center. All Rights Reserved.