23 Mar SO YOU WANT A CMMC CERTIFICATION (PART THREE:)
PART THREE:
This second part of our blog describes what artifacts your organizations needs to have in place. The specific artifacts will be determined by the CMMC level your organization wants to achieve.
Level 1: At this level there are no required processes and it is up to the organization to determine which practices require documentation. [Ad Hoc]
Level 2: At this level each practice is documented including those associated with Level 1 and a policy exists that includes all activities.
Level 3: At this level each practice is documented including those associated with lower levels, a policy exists that covers all activities and a plan exists that includes all activities. Additionally the plan is maintained and resources needed to implement the plan are made available. All processes are maintained and followed.
Level 4: As before, each practice is documented including those associated with lower levels, a policy exists that covers all activities and a plan exists that includes all activities. Additionally, activities are reviewed and measured for effectiveness and the results of the review is shared with higher level management. Processes are reviewed on a periodic basis, properly resourced, and improved across the entire organization.
Level 5: Everything contained in levels two through four plus there is a standardized, documented approach across all applicable organizational units. Continuous improvement occurs across the entire organization.