Control Explorer

Cybersecurity Maturity Model Certification (CMMC) is an evolving body of security controls which essentially states that Government data on contractor networks must be protected with the same security as if the data were on the Government’s own network.

CMMC is based on NIST SP 800-171, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations”. NIST 800-171 defines 130 security controls as a single security group which provides the baseline security for contractors. However, CMMC goes further: it employs 176 security and process controls spread across five levels.

Level Description
1 Safeguard Federal Contract Information (FCI):
• Execute Basic Cyber Hygiene
2 Serve as transition step in cybersecurity maturity progression to protect CUI:
• Documented Processes
• Intermediate Cyber Hygiene
3 Protect Controlled Unclassified Information (CUI):
• Managed Processes
• Good Cyber Hygiene
4 Protect CUI and reduce risk of Advanced Persistent Threats (APTs):
• Reviewed Processes
• Proactive Cyber Hygiene
5 Protect CUI and reduce risk of Advanced Persistent Threats (APTs):
• Optimized Processes
• Advanced / Proactive Cyber Hygiene

Domain Description
Access Control (AC)
• Establish system access requirements
• Control internal system access
• Control remote system access
• Limit data access to authorized users and processes
Asset Management (AM)
• Identify and document assets
• Manage asset inventory
Audit and Accountability (AU)
• Define audit requirements
• Perform auditing
• Identify and protect audit information
• Review and manage audit logs
Awareness and Training (AT)
• Conduct security awareness activities
• Conduct training
Configuration Management (CM)
• Establish configuration baselines
• Perform configuration and change management
Identification and Authentication (IA)
• Grant access to authenticated entities
Incident Response (IR)
• Plan incident response
• Detect and report events
• Develop and implement a response to a declared incident
• Perform post incident reviews
• Test incident response
Maintenance (MA)
• Manage maintenance
Media Protection (MP)
• Identify and mark media
• Protect and control media
• Sanitize media
• Protect media during transport
Personnel Security (PS)
• Screen personnel
• Protect CUI during personnel actions
Physical Protection (PE)
• Limit physical access
Recovery (RE)
• Manage backups
• Manage information security continuity
Risk Management (RM)
• Identify and evaluate risk
• Manage risk
• Manage supply chain risk
Security Assessment (CA)
• Develop and manage a system security plan
• Define and manage controls
• Perform code reviews
Situational Awareness (SA)
• Implement threat monitoring
Systems and Communications Protection (SC)
• Define security requirements for systems and communications
• Control communications at system boundaries
System and Information Integrity (SI)
• Identify and manage information system flaws
• Identify malicious content
• Perform network and system monitoring
• Implement advanced email protections

Effective Managed IT Solutions

Don’t let your organization get bogged down in IT challenges that distract from your mission. Secure ITSM is here to keep your IT operating smoothly and securely so you can focus on what’s most important: growing your business.

Support for Anywhere Operations

Our solutions support a “digital first, remote first” operational model incorporating physical office space and data centers as appropriate.

Predefined Secure IT Operational Models

Predefined IT operational models with key elements already developed allow us to deliver secure compliance services at affordable price points.

Best-in-Breed Cloud & Premise IT Solutions

SecureITSM integrates best-in-breed cloud and premise services into predefined secure IT models.

Meshed Cybersecurity

A “defense-in-depth” approach combined with a distributed architecture deploying security mechanisms across threat vectors and protecting information stores.

Integrated Compliance

By combining predefined secure IT models and a compliance database, we significantly reduce compliance overhead costs.
