The 5 Levels of CMMC Compliance

There are 5 Levels within the CMMC Standard, and we’ve scoured documents released by the CMMC Accreditation Board to figure out the basic cybersecurity elements of each. Below is a rundown of each level, along with the solutions we recommend, so you understand the requirements you’ll have to meet! Take a look and feel free to contact me if you have any questions!

 

Level 1: Basic

  • At Level 1, contractors must implement Spam Filtering and Password Encryption.   

    Simple Helix Solution:  

    • Spam Filtering – Office 365 
    • Password Encryption – DUO

 

Level 2: Intermediate

  • At Level 2, contractors must meet the practices in level 1 and implement offsite, offline backups.   

    Simple Helix Solution:  

    • Offsite, offline backups – Veeam Cloud-based Backups hosted in Simple Helix’s Tier III Colocation Data Center 

 

Level 3: Good 

  • At Level 3, contractors must meet the practices in levels 1 & 2. They must also implement DNS Filtering and Encrypted Email & File Sharing as well as retroactively monitor the Log Files. 

    Simple Helix Solution:  

    • Encrypted Email & File Sharing – Office 365, Office 365 GCC High, or PreVeil 
    • DNS Filtering – Webroot or Palo Alto Firewall 
    • Log File Review – LogRhythm with retroactive SOC monitoring services

 

Level 4: Proactive

  • At Level 4, contractors must meet the practices in levels 1 through 3 and proactively monitor the Log Files. 

    Simple Helix Solution:  

    • Log File Review – LogRhythm with proactive SOC monitoring services

 

Level 5: Progressive

  • At Level 5, contractors must meet the practices in levels 1 through 4 and actively monitor the Log Files 24/7. 

    Simple Helix Solution:  

    • Log File Review – LogRhythm with active 24/7 SOC monitoring services