Although CMMC is ramping up and many solicitations are posting the Certification requirements, it’s a relief to know that the process is not as complicated as it appears. For starters, if you sell off the shelf items, you are exempt from the formal certification. If you are a small business, you will likely only need Levels 1 or 2, which are not performed formally or with the high costs associated with Levels 3, 4 or 5. Level 1 is the starter level to lead to Level 2, which is the starter for the formal Level 3 certification.
You should, however, be implementing the practices of Levels 1 & 2 on an everyday basis to protect your business and all secure items on each computer, laptop, cell phone and tablet associated. At PTAC, we will decode the steps of Levels 1 & 2 for you. You will also be happy to know that you are most likely doing most of the steps already. Examples:
CMMC AC.1.001- Use passwords and PINs to restrict log-on: Everyone most likely has a password to log into their computer that is not easily guessed. If not, add a password to log on, and a password or pin to enter for your email. If you can avoid sharing an email with multiple people, that is also covered in this 1ststep to Level 1.
CMMC AC.1.002- Assign “user” rights to most accounts: If the employee is not in IT or the Owner, they should not have administrator rights to add, delete, make changes to computers in the company.
CMMC AC.1.003- Don’t share your neighbor’s network: Make sure to use the business network, not your home, coffee shop, neighbors’ house or even your personal WiFi. Separate all networks so your company data is protected if another should be hacked into.
Learn more about the upcoming certification and why it is so detrimental to your business if you do business with the Government: https://www.cmmcab.org/