Understanding CMMC 2.0 and XQ - Start here
CMMC 2.0 (Cybersecurity Maturity Model Certification Level 2) is a Department of Defense (DoD) framework that applies to Defense Industrial Base (DIB) contractors. This certification aims to improve cybersecurity and ensures DIB contractors are equipped to protect sensitive government data.
This article provides an overview of CMMC and information on how XQ can help to prepare you for CMMC.
To receive the CMMC Level 2 Certification, contractors must follow 110 security requirements specified in NIST SP 800-171 Revision 2 and comply with DFARS Clause 252.204-7012. This certification focuses on safeguarding controlled unclassified information (CUI). Contractors must pass a CMMC Third-Party Assessment Organization assessment every 3 years to prove to the DoD their ability to secure CUI based on its risk throughout the supply chain.
The CMMC Level 2 requirements are divided into 14 domains and 110 practices, with 320 assessment objectives in total. These practices involve both technical and non-technical controls, policies, and procedures to ensure ongoing CUI security. These practices include the use of FIPS-validated cryptography and having a System Security Plan (SSP) in place. The complete list of required practices can be found in the CMMC Level 2 Assessment Guide.
XQ helps to prepare you to meet CMMC Level 2 requirements in the following ways:
For more information on CMMC, view the following XQ blog posts:
This article provides an overview of CMMC and information on how XQ can help to prepare you for CMMC.
Overview
The Department of Defense (DoD) has created CMMC Level 2, a program aimed at enhancing supply chain security and defending against cyberattacks. By 2025, this framework will be mandatory for all contractors within the Defense Industrial Base (DIB).To receive the CMMC Level 2 Certification, contractors must follow 110 security requirements specified in NIST SP 800-171 Revision 2 and comply with DFARS Clause 252.204-7012. This certification focuses on safeguarding controlled unclassified information (CUI). Contractors must pass a CMMC Third-Party Assessment Organization assessment every 3 years to prove to the DoD their ability to secure CUI based on its risk throughout the supply chain.
The CMMC Level 2 requirements are divided into 14 domains and 110 practices, with 320 assessment objectives in total. These practices involve both technical and non-technical controls, policies, and procedures to ensure ongoing CUI security. These practices include the use of FIPS-validated cryptography and having a System Security Plan (SSP) in place. The complete list of required practices can be found in the CMMC Level 2 Assessment Guide.
XQ and CMMC
XQ’s products cover NIST security requirements and facilitate CMMC practices and processes that protect CUI. XQ helps streamline your organization’s preparations for CMMC by protecting CUI from unauthorized access throughout its lifecycle and providing auditable event logs of all communications.XQ helps to prepare you to meet CMMC Level 2 requirements in the following ways:
- Protect unauthorized CUI access in Gmail and Outlook with XQ Encrypted Email.
- Protect CUI in Secure Chat from unauthorized users.
- Protect CUI collected in Secure Forms from access by unauthorized users.
- Protect cloud data, including files, from access internally and by external primes, subcontractors, agencies, and other mission partners with XQ Vault.
- Support remote workers and distributed teams throughout supply chain collaboration workflows.
For more information on CMMC, view the following XQ blog posts: