Welcome back to part seven of “What you need to know about CMMC”. I’m Bob Hanley from Sabre Systems and today we will continue our discussions on the 17 CMMC domains as we help you in your cyber preparation. If you remember, we discussed media protection last week. Today we’ll change our focus and we will discuss personnel security, or PS for short. Remember, CMMC is about protecting controlled unclassified information, or CUI, which includes lim-dis, and FOUO – limited distribution and for official use only.
Let’s catch everyone up – we’ve already reviewed six domains: awareness training, configuration management, identification and authentication, incident response, maintenance and media protection. Hopefully, you are beginning to see how each domain connects and relates to each other. They are complimentary. So, it is important as we move on to think in those terms and get that overall understanding of these domains within that context. As a refresher, CMMC has five maturity levels with five being the most stringent. Contractors and subcontractors will all need to have a minimum level one, but prime contractors will need to have a minimum level three. You do get bonus points as level four and level five are achieved. If you are a prime contractor, you also have to ensure that your subs are compliant, so please remember that. Read the full transcript.