CMMC Level 3 Compliance

Get CMMC Level 3 Compliant

CMMC 2.0 is applicable to organizations supporting the Department of War (DoW) that handle or process the following types of data:

• Federal Contract Information (FCI)
• Controlled Unclassified Information (CUI)/Covered Defense Information (CDI)
• Controlled Technical Information (CTI)
• Internation Traffic in Arms Regulations (ITAR) Data

A smaller group of aerospace and defense contractors handling critical data (CUI, CTI, ITAR) will be assessed against CMMC 2.0 Level 3.

Some high-level requirements and updates for CMMC Level 3 could include, but are not limited to:

• Meeting National Institute of Standards and Technology (NIST) 800-172 controls (requirement)
• Those with previous Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) assessments likely to be chosen
• 3rd Party Audits for all Organization Seeking Certifications (OSCs) for CMMC L3
• Securing the handling of secret or top-secret information

Summit 7 serves contractors, manufacturers, and higher education research facilities by helping them meet the requirements for Defense Federal Acquisition Regulation Supplement (DFARS) 7012, NIST 800-171, and CMMC compliance.

Initial stages of this implementation can include:

• Addressing your CMMC 2.0 Level 2 baseline (if applicable)
• Baselining your Microsoft 365 GCC or GCC High tenant
• Configuring Microsoft Security products to meet NIST 800-172  requirements
• Configuring Identity Management and Multi-Factor Authentication (MFA) in Azure Active Directory 
• Implementing Microsoft Purview Information Protection (MPIP)
• Microsoft Defender for data protection