Last updated on June 14th, 2023 at 07:26 pm
The 5 Levels of CMMC Compliance
There are 5 Levels within the CMMC Standard, and we’ve scoured documents released by the CMMC Accreditation Board to figure out the basic cybersecurity elements of each. You’ll see below a rundown of each of the levels along with some solutions we recommend so you have an understanding of the requirements you’ll have to meet! Take a look and feel free to contact me if you have any questions!
Level 1: Basic
At Level 1, contractors must implement Spam Filtering and Password Encryption.
Simple Helix Solution:
- Spam Filtering – Office 365
- Password Encryption – DUO
Level 2: Intermediate
At Level 2, contractors must meet the practices in level 1 and implement offsite, offline backups.
Simple Helix Solution:
- Offsite, offline backups – Veeam Cloud-based Backups hosted in Simple Helix’s Tier III Colocation Data Center
Level 3: Good
At Level 3, contractors must meet the practices in levels 1 & 2. They must also implement DNS Filtering and Encrypted Email & File Sharing as well as retroactively monitor the Log Files.
Simple Helix Solution:
- Encrypted Email & File Sharing – Office 365, Office 365 GCC High, or PreVeil
- DNS Filtering – Webroot or Palo Alto Firewall
- Log File Review – LogRhythm with retroactive SOC monitoring services
Level 4: Proactive
At Level 4, contractors must meet the practices in levels 1 through 3 and proactively monitor the Log Files.
Simple Helix Solution:
- Log File Review – LogRhythm with proactive SOC monitoring services
Level 5: Progressive
At Level 5, contractors must meet the practices in levels 1 through 4 and actively monitor the Log Files 24/7.
Simple Helix Solution:
- Log File Review – LogRhythm with active 24/7 SOC monitoring services