Badges

CMMC Level 3 Clearance

Cybersecurity Maturity Model Certification

There are five levels of security certification for defense contractors working with the federal government—Level 3 requires a classification of “Good Cyber Hygiene.”

See how we can help you meet Level 3 requirements

Request Demo
View PDF

Home > Solutions > CMMC Level 3 Clearance

NIST

National Institute of Standards and Technology

NIST 800-171 is a government special publication that lists 110 individual controls and requirements detailing security requirements of non-federal information systems to protect federal CUI.

DFARS

Defense Federal Acquisition Regulation Supplement

DFARS is a law under CFR Title 48 to safeguard defense information and issue protocols for reporting security incidents between contractors and the Department of Defense.

CUI

Controlled Unclassified Information

A security requirement of NIST 800-171 is controlling access to media containing CUI and maintaining accountability when the media is outside of a controlled area.

How do I get certified for CMMC Level 3?

Getting a CMMC Level 3 certification requires an audit to ensure your written policies and system architecture meet NIST and DFARS standards and are compliant with current government information security standards. Compliance fits within 17 domains.

Access Control (AC)
  • Establish system access requirements
  • Control internal and remote system access
  • Limit data access to authorized users and processes
Access Management (AM)
  • Identify and document assets
Audit and Accountability (AU)
  • Define audit requirements
  • Perform auditing
  • Identify and protect audit information
  • Review and manage audit logs
Awareness and Training (AT)
  • Conduct training and security awareness activities
Configuration Management (CM)
  • Establish configuration baselines
  • Perform configuration and change management
Identification and Authentication (IA)
  • Grant access to authenticated entities
Incident Response (IR)
  • Plan incident response
  • Detect and report events
  • Develop and implement a response
Maintenance (MA)
  • Manage maintenance
Media Protection (MP)
  • Identify and mark media
  • Protect and control media
  • Sanitize media
  • Protect media during transport
Personnel Security (PS)
  • Screen personnel
  • Protect CUI during personnel actions
Physical Protection (PE)
  • Limit physical access
Recovery (RE)
  • Manage back-ups
Risk Management (RM)
  • Identify and evaluate risk
  • Manage risk
Security Assessment (CA)
  • Develop and manage a system security plan
  • Define and manage controls
  • Perform code reviews
Situational Awareness (SA)
  • Implement threat monitoring
Systems and Communications Protection (SC)
  • Define security requirements for systems and communications
  • Control communications at system boundaries
System and Information Integrity (SI)
  • Identify and manage information system flaws
  • Identify malicious content
  • Perform network and system monitoring
  • Implement advanced email protections

SecureDrive Solutions

SecureDrive products satisfy federal requirements and offer solutions for businesses to reach CMMC Level 3 standards.

They come in durable casing to prevent physical tampering and allow the transportation of devices from secured locations while safeguarding and utilizing additional measures to protect sensitive data from data breaches.

FIPS
Unlock

SecureDrive® BT and SecureUSB® BT

SecureDrive® BT and SecureUSB® BT are hardware-encrypted, portable devices that can be enhanced in their security through the Remote Management Services/Console.

Remote Management

Remote Management allows Admin control over the devices through a web console without needing physical access to the drives.

SecureDrive® KP and SecureUSB® KP

SecureDrive® KP and SecureUSB® KP are hardware-encrypted, portable devices with keypads and PIN protection.

Talk to a Data Protection expert, please call: 424-363-8535

Our Security & Data Loss prevention experts are here to help, contact us today to go over your compliance and data protection needs.