CMMC Level 5 is the highest achievable Level and adds 15 practices to Level 4. This Level requires organizations to practice "advanced" cyber hygiene and optimize security processes and methods. As with Level 4, Level 5 is focused on reducing the risk of Advanced Persistent Threats (APTs) and increasing the protection of CUI. CMMC Level 5 compliance will be less common in Requests for Proposal (RFPs) than Level 1 or Level 3, but DIB suppliers focused on critical technologies and more sensitive programs may see this Level requirement in the future. Achieving Level 5 will require a significant investment of time, energy, and resources for any organization.
CMMC Level 5 includes 171 Practices (all Levels in aggregate) and 85 Processes derived from multiple sources such as NIST 800-171, CERT Resilience, CMMC Working Groups, CIS Controls v7.1, and more. See the Practices and Processes below:
Only eight (8) Domains contain Level 5 requirements, and the list below contains a few of the most significant requirements to address:
Upon achieving CMMC Level 4 compliance, or the implementation of the appropriate 156 Technical Practices, you'll need to implement the additional 15 shown in the accordion section above. The following discussion provides a few ways to meet some of the new practices and additional resourcing requirements (software, hardware, personnel, outsourcing).
Summit 7 has begun the conversation about a solution set, developed for Office 365 GCC High, Azure Government, and hybrid scenarios, to help organizations achieve CMMC Level 5 compliance. To start the conversation with our team for achieving Level 5, complete the form in the section below. You can also email email@example.com with specific questions about a CMMC Level 5 solution roadmap.
These evaluations will lead to a Level certification of 1 to 5, 5 being the most secure. Levels are cumulative, meaning a Level 5 certified organization will need to meet the practices found in Levels 1, 2, 3, 4, and 5. Access a more detailed explanation and overview of CMMC, as well as history, schedule for rollout, and its background here.
OUSD A&S and the CMMC-Accreditation Body solidified their partnership on November 25, 2020, by signing a no-cost contract to support this very important mission for our cybersecurity, information security, and thus national security.
If you still have questions about CMMC Level 5, or anything around understanding the Cybersecurity Maturity Model Certification as a whole, please do not hesitate to reach out to us.
Here are some ways you can stay connected to the Summit 7 team and hear the latest and greatest on all things security and compliance: