Proudly serving Virginia, Maryland and DC // Call us today! 703.396.6120
V2 SystemsV2 Systems
The Time to Prepare for CMMC Is Now. V2 Systems Is Here to Help You Get Started.

by Erik Briceno

We are already half-way through 2020. And that means you can’t put off Cybersecurity Maturity Model Certification (CMMC) preparation any longer. We here at V2 Systems are going to help with a short guide for getting the bare basics together, so that you’ll at least be prepared for Level 1 certification. Here’s a quick rundown of everything.

CMMC Level 1 Has 17 Controls.

We spoke about the different levels of CMMC in our previous blog. There are 5 levels in total, and each level is made up of numerous security actions that need to be performed in order to achieve certification for that level. The controls in Level 1 come directly from Federal Acquisition Regulation (FAR) 52.204-21, and are considered both basic and essential. Here is the general outline for CMMC Level 1, which makes up about 15% of all 5 CMMC levels:

  1. Limit information system access to authorized users, processes acting on behalf of authorized users or devices (including other information systems).
  2. Limit information system access to the types of transactions and functions that authorized users are permitted to execute.
  3. Verify and control/limit connections to and use of external information systems.
  4. Control information posted or processed on publicly accessible information systems.
  5. Identify information system users, processes acting on behalf of users or devices.
  6. Authenticate (or verify) the identities of those users, processes or devices as a prerequisite to allowing access to organizational information systems.
  7. Sanitize or destroy information system media containing Federal Contract Information before disposal or release for reuse.
  8. Limit physical access to organizational information systems, equipment and the respective operating environments to authorized individuals.
  9. Escort visitors and monitor visitor activity; maintain audit logs of physical access; and control and manage physical access devices.
  10. Maintain audit logs of physical access.
  11. Control and manage physical access devices.
  12. Monitor, control and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems.
  13. Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.
  14. Identify, report, and correct information and information system flaws in a timely manner.
  15. Provide protection from malicious code at appropriate locations within organizational information systems.
  16. Update malicious code protection mechanisms when new releases are available.
  17. Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened or executed.

Everyone Should Have CMMC Level 1

The Time to Prepare for CMMC Is Now. V2 Systems Is Here to Help You Get Started.CMMC Level 1 is a pretty basic security practice by now. Just looking at the list above, you can see it covers everything from locking office doors, to escorting guests and using strong passwords. It shouldn’t take much effort to reach Level 1, and if you’re not quite there yet, it costs very little, if not almost nothing, to do so. An MSSP can absolutely help you reach the goals listed in Level 1, and that’s where V2 Systems can be a tremendous asset. Keep in mind that if you want to be NIST 800-171 compliant, you have to be at least CMMC Level 3.

Doing work for the Department of Defense is no joke. It’s a job that needs to be taken seriously, no matter the size of your organization. Let us help your image so that the DoD will take you seriously, too.

Since 1995, Manassas Park, VA-based V2 Systems has employed local systems administrators, network engineers, security consultants, help desk technicians and partnering companies to meet a wide range of clients’ IT needs, from research, to implementation, to maintenance. Concentrate on your VISION…We’ll handle the TECHNOLOGY!

 

ebriceno
About ebriceno
Erik Briceño is the owner of V2 Systems, Inc., one of Northern Virginia’s leading Information Technology Managed Service Providers. He is an inspiring leader for its employees and instrumental business partner for its customers. He is passionate about V2’s purpose, dedicated to exceeding expectations and a consummate professional not afraid of jumping in and getting his hands dirty. Prior to joining V2 Systems in 2002, Erik was a co-founder and COO of Ampcast.com, a leading provider of online resources servicing over 5,000 independent musical artists. At Ampcast.com, Erik spearheaded all aspects of corporate development, funding, strategic vision, and business development for the firm. From 1997 to 1999 Erik held the position of Acoustic Systems Engineer for Electric Boat Corporation, a leading defense contractor. In this role, Erik was responsible for the acoustic fidelity of two noise critical systems and components in the US Navy’s nuclear submarine systems. Erik holds a B.S. in Mechanical Engineering from Vanderbilt University and a Masters of Business Administration from George Mason University. When not working, you will find Erik a dedicated family man, raising two young children with his lovely wife Karen. Together, they enjoy building legos, playing baseball, skiing, riding horses, swimming, traveling, and fixing up old Mopars.
The Time to Prepare for CMMC Is Now. V2 Systems Is Here to Help You Get Started.
The Time to Prepare for CMMC Is Now. V2 Systems Is Here to Help You Get Started.