CMMC Compliance: DoD Supply Chain Security

The Three Levels of CMMC 2.0


CMMC 2.0 has done away with the old 5 levels and made the system simpler and stricter:




Level 1: Foundational (15 Practices)


This is for companies that handle only FCI. Self-assessment is permitted at this level.





Level 2: Advanced (110 Practices)


This is based on the NIST SP 800-171 standards. Companies that handle CUI need a third-party assessment (C3PAO).





Level 3: Expert (110+ Practices)


The highest level of security, based on NIST SP 800-172. It is audited directly by the Government (DoD).




How to Achieve Compliance?






















Step | Action Item
Gap Analysis | Check whether your existing controls conform to NIST 800-171.
SPRS Score | Submit your self-assessment score to the DoD's Supplier Performance Risk System.
SSP & POAM | Create a System Security Plan (SSP) and prepare a POAM for the gaps that remain.


⚠️ Why Does It Matter in 2026?


CMMC requirements have now been made mandatory in DoD contracts. If you are not compliant, your company can be shut out of the bidding process. In addition, it is an excellent framework for protecting against supply chain attacks.






Are you preparing for Level 2?

I can provide you with a NIST 800-171 checklist. Would you like it?