CMMC

Secure your business, and demonstrate its security using CMMC.


The goal of CMMC is to review cybersecurity best practices and to map the associated processes and controls across the maturity levels. It builds upon existing cybersecurity regulation.


“With world-renowned experts in Cybersecurity, Operations, and Organizational Culture, Strong Connexions is THE ONLY PROVIDER within the CMMC ecosystem & Cybersecurity ecosystem. We address organizations from the entire life cycle of preparation/readiness, remediation, assessing, and maintaining a healthy culture with all the requirements to meet compliance. We do this all while improving workforce satisfaction and mitigating the risk organizations CURRENTLY face through proprietary AI & Machine Learning platforms that far exceed anything ever brought to the market.

I am proud to announce our Strong Connexions Life Engineering Program set forth to provide a Healthy Culture, which in turn provides a Secure Culture putting the people and the success of those individuals above all else and making them and the organizations they serve the strongest and most secure workforces in the world.”

– Jared Hoskins, COO


Security Maturity Levels

There are three security maturity levels. These range from one to three, or from foundational to expert. Each maturity level has associated controls and processes, and when these requirements are met they reduce risk against specific sets of cyber threats. The levels of maturity build on one another.

I: The first level of maturity, Foundational, will provide a basic level of security. This level of maturity contains 17 practices and requires an annual self-assessment.

II: The second level of maturity, Advanced, has a document that establishes various practices and policies and serves as a guide for implementing CMMC efforts. This means the practices are performed and there is a document to guide them. This assessment is based on NIST 800-171. There are 110 controls, and the level requires triennial third-party assessments for critical national security information as well as an annual self-assessment for certain programs.

III: The third level of maturity, Expert, has 110+ controls and is based on NIST 800-172. For this level, a triennial government-led assessment is required for certification.

Performance/Readiness Assessment

A performance assessment would be conducted and used to create a risk register and a plan of action. The plan would include milestones for remediating any areas that the assessment shows may be deficient. After the performance assessment would come a formal assessment, which leads to a certification upon successful completion.

Certification

After the successful completion of a formal assessment, a certification will be issued. For government-compliant certifications, this is not the full process that goes into receiving a full certificate, but it is an important and necessary part of that process.

Endorsement

For companies that do not need a government-compliant certification, there is also an endorsement assessment and certification. The successful completion of a formal endorsement assessment would also verify advanced security, and the endorsement would be able to display that level of security to both the company and to others outside of it.