When Should You Work with a CMMC RPO vs. a C3PAO?

Mar 27, 2024 Continuum GRC 0 Comment

Glowing log surrounded by digital artifacts

CMMC is a complex undertaking. Depending on where you are in your certification journey, you could require consulting, assessment, or both. Fortunately, the CMMC program includes training and authorization for two distinct types of organizations: Registered Provider Organizations (RPOs) and Certified Third-Party Assessment Organizations (C3PAOs), each offering different services.

We’re discussing these organizations and which one you might want to engage with when preparing for CMMC certification.

What Is NIST 800-172 and Advanced Security Structures

Mar 7, 2024 Continuum GRC 0 Comment

The ongoing rise of state-sponsored Advanced Persistent Threats (APTs) has increased scrutiny of federal and state IT systems security systems. The latest version of CMMC includes a high-maturity level specifically designed to address these threats, which relies primarily on advanced security controls listed in NIST Special Publication 800-172.

CMMC 2.0 and Level 2 Maturity

Oct 18, 2023 Continuum GRC 0 Comment

CMMC 2.0, while retaining the foundational principles of its predecessor, introduces refined maturity levels, each delineating a progressive enhancement in cybersecurity practices and protocols. Transitioning from Maturity Level 1 to Level 2 is not just about adding additional requirements to an organization. It’s about committing to security strategies to protect critical Controlled Unclassified Information (CUI).

This article will discuss the basics of CMMC Maturity Level 2.