Level 1 in a Box Materials
CMMC Level 1 in a Box was created to help small companies develop a cybersecurity compliance program for CMMC Level 1 on their own, without having to pay for consulting services. However, implementing a cybersecurity compliance program – even for CMMC Level 1 – requires some IT knowledge. If your company outsources its IT services, you need to work with that company to develop your cybersecurity program.
CMMC Level 1 in a Box can also be used by any company wanting to develop a cybersecurity program for any level of compliance – the tool makes it easy to get started.
The CMMC Level 1 Assessment Guide provides guidance to assessors for conducting a CMMC Level 1 assessment.
Contents of CMMC Level 1 in a Box
- CMMC Level 1 Presentation – the presentation will introduce you to each of the CMMC Domains and associated practices.
- CMMC Level 1 Guide – an Excel workbook that can be used to manage the development of your cybersecurity program and guide you through the necessary tasks.
- Network diagram
- Risk assessment
- IT Asset Inventory
- Gap analysis
- Procedure for each practice
- Plans to achieve compliance
The Guide also provides a template to help attain and maintain compliance.
- Data Security Policy Template – CMMC Level 1 does not require that you develop a data security policy, but it is highly recommended, and the template is a tool you can use to develop your policy.
CONTACT US
Main Point of Contact:
Laura Rodgers
Director of Cybersecurity Practice
Secure Computing Institute
EB II, 2240B
NC State University
ldrodger@ncsu.edu(o) 919-515-5063(c) 828-734-0053-
How to best utilize CyberNC.us: The CyberNC.us website was created to provide North Carolina companies with one location to find all the information they need to develop a cybersecurity compliance program that is compliant with Department of Defense regulations.
The most effective way to utilize the website is to follow the steps below:
- Understand the regulations. Click on the Cybersecurity Regulations tab and review the information about each of the regulations.
- Understand the data. Click on the FCI/CUI tab for detailed information about Federal Contract Information and Controlled Unclassified Information, then review the Cybersecurity Overview presentation.
- The information on the Where to Start tab will help businesses determine which regulation with which they must comply, as well as the level of compliance that is required.
- The DFARS tab contains information about compliance with DFARS 252.204-7012 and the new DFARS Interim Rule.
- The CMMC tab contains information about CMMC 2.0 and includes FAQs and resources.
- The Training tab provides information about resources businesses can use to train their employees.
- The Partners tab contains links to the websites of the I3C partner agencies.
-
The NCMBC and the I3C are not representatives of the DoD or the CMMC Accreditation body. This website is meant to be a community resource for cybersecurity compliance information.
Copyright 2020, North Carolina Military Business Center. All Rights Reserved.