The 5 Levels of CMMC Compliance

There are 5 Levels within the CMMC Standard, and we’ve scoured documents released by the CMMC Accreditation Board to figure out the basic cybersecurity elements of each. You’ll see below a rundown of each of the levels along with some solutions we recommend so you have an understanding of the requirements you’ll have to meet! Take a look and feel free to contact me if you have any questions!  

 

Level 1: Basic

• At Level 1, contractors must implement Spam Filtering and Password Encryption.   

  Simple Helix Solution:  

  • Spam Filtering – Office 365 
  • Password Encryption – DUO 

 

Level 2: Intermediate

• At Level 2, contractors must meet the practices in level 1 and implement offsite, offline backups.   

  Simple Helix Solution:  

  • Offsite, offline backups – Veeam Cloud-based Backups hosted in Simple Helix’s Tier III Colocation Data Center 

 

Level 3: Good 

• At Level 3, contractors must meet the practices in levels 1 & 2. They must also implement DNS Filtering and Encrypted Email & File Sharing as well as retroactively monitor the Log Files. 

  Simple Helix Solution:  

  • Encrypted Email & File Sharing – Office 365, Office 365 GCC High, or PreVeil 
  • DNS Filtering – Webroot or Palo Alto Firewall 
  • Log File Review – LogRhythm with retroactive SOC monitoring services

 

Level 4: Proactive

• At Level 4, contractors must meet the practices in levels 1 through 3 and proactively monitor the Log Files. 

  Simple Helix Solution:  

  1. Log File Review – LogRhythm with proactive SOC monitoring services 

 

Level 5: Progressive

• At Level 5, contractors must meet the practices in levels 1 through 4 and actively monitor the Log Files 24/7. 

  Simple Helix Solution:  

  1. Log File Review – LogRhythm with active 24/7 SOC monitoring services