The journey to CMMC Level 3 represents the highest level of cybersecurity maturity under the CMMC framework. Unlike Levels 1 and 2, which focus on FCI and CUI, respectively, Level 3 targets Advanced Persistent Threats (APTs). That means more extensive security, defined in NIST Special Publication 800-172.

For organizations that support critical programs or handle high-value assets for the Department of Defense, achieving Level 3 is imperative. But what does it take to implement the enhanced controls from NIST SP 800-172, and how do they fit into the broader CMMC ecosystem? This article explores that challenge and provides a practical roadmap for organizations preparing to meet it.

Read More

The ongoing rise of state-sponsored Advanced Persistent Threats (APTs) has increased scrutiny of federal and state IT systems security systems. The latest version of CMMC includes a high-maturity level specifically designed to address these threats, which relies primarily on advanced security controls listed in NIST Special Publication 800-172. 

Read More

As organizations move up the CMMC maturity model, they do so for one reason: to prepare themselves better to protect against Advanced Persistent Threats (APTs). These threats are a significant problem in the defense supply chain, and as such, CMMC leans heavily on NIST 800-171 and 800-172 to address them. 

This article introduces how these documents, particularly Special Publication 800-172, address APTs.

Read More