{"id":24833,"date":"2021-10-06T15:59:21","date_gmt":"2021-10-06T14:59:21","guid":{"rendered":"https:\/\/www.n-able.com\/?p=24833"},"modified":"2021-10-21T13:36:18","modified_gmt":"2021-10-21T12:36:18","slug":"cmmc-what-is-it-and-why-is-it-important-to-msps","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/pt-br\/blog\/cmmc-what-is-it-and-why-is-it-important-to-msps","title":{"rendered":"CMMC: What is it and why is it important to MSPs"},"content":{"rendered":"<p class=\"p1\"><span class=\"s1\">The Cybersecurity Maturity Model Certification (CMMC) is a security framework implemented by the US Department of Defense (DoD) to improve protection of the defense industrial base. Like other security frameworks, the CMMC has a collection of controls for processes and practices with the goal of achieving a certain level of cybersecurity maturity. The main purpose of the CMMC is to provide assurance to the DoD that a company holding federal contracts has the appropriate measures in place to safeguard Controlled Unclassified Information (CUI) and Federal Contract Information (FCI), and to account for how that information flows. <\/span><span class=\"s2\">It&#8217;s also a powerful framework that can apply to anyone looking to boost their security posture.<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">If you\u2019re reading this because CMMC may apply to your clients, great. If you\u2019re reading this because you\u2019re not sure what CMMC is, even better.<span class=\"Apple-converted-space\">\u00a0 <\/span>You will gain a better understanding of CMMC and possibly what it portends for the future of self-attestation of compliance.<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">CMMC is a scalable framework, so dependent upon the sensitivity of data involved, a federal contract will require specific CMMC controls be in place. At the moment, the CMMC has five levels. The higher the level, the more controls required. And because they are cumulative, CMMC Level 3 would demand implementing everything in the preceding two as well.<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">CMMC Level 1: Basic cyberhygiene\u2014focused on safeguarding Federal Contract Information (FCI)<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">CMMC Level 2: Intermediate cyberhygiene\u2014serve as a transition step in cybersecurity maturity <\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">CMMC Level 3: Good cyberhygiene\u2014protect Controlled Unclassified Information (CUI)<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">CMMC Level 4: Proactive\u2014protect CUI and reduce risk of advanced persistent threats (APTs)<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">CMMC Level 5: Advanced\/progressive\u2014protect CUI and reduce risk of APTs<\/span><\/p>\n<h2 class=\"p4\"><span class=\"s1\">How Is CMMC different from other security frameworks?<\/span><\/h2>\n<p class=\"p1\"><span class=\"s1\">The biggest difference is that it does away with self-attestation. With standards like NIST 800-171, you could self-attest you were following the appropriate controls and standards and win a federal contract. CMMC changes this by requiring that anyone seeking a federal contract with the DoD must receive certification from an approved CMMC third-party assessment organization (C3PAO). <\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">You can easily perform <a href=\"https:\/\/www.acq.osd.mil\/cmmc\/draft.html\" target=\"_blank\" rel=\"noopener\"><span class=\"s3\">self-assessments<\/span><\/a> by leveraging resources made available by the Office of the Under Secretary of Defense for Acquisition &amp; Sustainment. However, you will still need to engage a C3PAO to receive CMMC certification of the appropriate level to win a federal contract. During the audit by a C3PAO, they should be able to help identify any gaps that will prevent receiving certification. If you or your clients are subject to CMMC, engaging with a C3PAO is going to be unescapable. The earlier you start, the more flexibility you will have in implementing any recommendations. <\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">There is currently a grace period to allow CMMC to become fully implemented, but in the future federal DoD contracts will not be awarded without the appropriate certification. <\/span><\/p>\n<h2 class=\"p4\"><span class=\"s1\">Why is CMMC important to MSPs?<\/span><\/h2>\n<p class=\"p1\"><span class=\"s1\">For MSPs, CMMC is no different than any other set of standards or frameworks\u2014it contains an established baseline of best practices, and controls and processes that must be implemented. In fact, most of the controls in CMMC are mapped directly to NIST 800-171. So if you have already been building your managed services around NIST 800-171, you should look at CMMC as an opportunity to help you stand apart. <\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">For MSPs that have not traditionally implemented NIST or other security frameworks because it wasn\u2019t a requirement for you clients, this is an opportunity to own risk and reap the rewards. If you decided to implement the controls within CMMC Level 3\u2014even if you don\u2019t receive certification\u2014you will have a more mature cybersecurity posture, a larger portfolio of services you can offer to clients, and improved scalability.\u00a0<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">If you have made it this far and think CMMC doesn\u2019t apply to you since you don\u2019t support these types of clients, CMMC has the potential to work down the hierarchy from federal to state and local governments. When NIST 800-53 was originally released in 2005 as recommended security controls for federal information systems, it was intended for federal information systems. In August 2017, federal was removed to indicate that it may be applied to any organization. Many state governments, local municipalities, insurance providers, and public and private entities of all types have required NIST 800-53 controls and processes be followed for years. <\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">One day, CMMC, or an evolution of it, may be just as prevalent as NIST 800-53. With the heightened public awareness concerning the risk cybersecurity threats pose, it\u2019s likely we may eventually see self-attestation as a relic of the past. <\/span><\/p>\n<p class=\"p5\"><span class=\"s1\"><i>Lewis Pope is the Head Security Nerd at N&#8209;able. You can follow him on:<\/i><\/span><\/p>\n<p class=\"p6\"><span class=\"s4\"><i>Twitter:\u00a0<\/i><a href=\"https:\/\/twitter.com\/cybersec_nerd\" target=\"_blank\" rel=\"noopener\"><span class=\"s5\"><i>@cybersec_nerd<\/i><\/span><\/a><\/span><\/p>\n<p class=\"p6\"><span class=\"s4\"><i>LinkedIn:\u00a0<\/i><a href=\"https:\/\/www.linkedin.com\/in\/thesecuritypope\/\" target=\"_blank\" rel=\"noopener\"><span class=\"s5\"><i>thesecuritypope<\/i><\/span><\/a><\/span><\/p>\n<p class=\"p6\"><span class=\"s4\"><i>Twitch:\u00a0<\/i><a href=\"https:\/\/www.twitch.tv\/cybersec_nerd\" target=\"_blank\" rel=\"noopener\"><span class=\"s5\"><i>cybersec_nerd<\/i><\/span><\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Cybersecurity Maturity Model Certification isn\u2019t just for the DoD; it can be a powerful tool for anyone wanting to boost their security posture. Lewis Pope takes a look at&#8230;<\/p>\n","protected":false},"author":62,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-24833","post","type-post","status-publish","format-standard","hentry","topic-head-nerds","topic-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>What is CMMC? | N-able<\/title>\n<meta name=\"description\" content=\"The Cybersecurity Maturity Model Certification isn\u2019t just for the DoD; it can be a powerful tool for anyone to boost their security. Learn more.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.n-able.com\/pt-br\/blog\/cmmc-what-is-it-and-why-is-it-important-to-msps\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What is CMMC? | N-able\" \/>\n<meta property=\"og:description\" content=\"The Cybersecurity Maturity Model Certification isn\u2019t just for the DoD; it can be a powerful tool for anyone to boost their security. Learn more.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.n-able.com\/pt-br\/blog\/cmmc-what-is-it-and-why-is-it-important-to-msps\" \/>\n<meta property=\"og:site_name\" content=\"N-able\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/NableMSP\" \/>\n<meta property=\"article:published_time\" content=\"2021-10-06T14:59:21+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-10-21T12:36:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/04\/blog-Lewis-Pope-white.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"720\" \/>\n\t<meta property=\"og:image:height\" content=\"356\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Lewis Pope\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/04\/blog-Lewis-Pope-white.jpg\" \/>\n<meta name=\"twitter:creator\" content=\"@Nable\" \/>\n<meta name=\"twitter:site\" content=\"@Nable\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"Lewis Pope\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.n-able.com\/pt-br\/blog\/cmmc-what-is-it-and-why-is-it-important-to-msps#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/pt-br\/blog\/cmmc-what-is-it-and-why-is-it-important-to-msps\"},\"author\":{\"name\":\"Lewis Pope\",\"@id\":\"https:\/\/www.n-able.com\/pt-br#\/schema\/person\/32c214c92846fdd7b16459b9236c12ae\"},\"headline\":\"CMMC: What is it and why is it important to MSPs\",\"datePublished\":\"2021-10-06T15:59:21+01:00\",\"dateModified\":\"2021-10-21T12:36:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.n-able.com\/pt-br\/blog\/cmmc-what-is-it-and-why-is-it-important-to-msps\"},\"wordCount\":790,\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/pt-br#organization\"},\"articleSection\":[\"Head Nerds\",\"Security\"],\"inLanguage\":\"pt-BR\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.n-able.com\/pt-br\/blog\/cmmc-what-is-it-and-why-is-it-important-to-msps\",\"url\":\"https:\/\/www.n-able.com\/pt-br\/blog\/cmmc-what-is-it-and-why-is-it-important-to-msps\",\"name\":\"What is CMMC? | N-able\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/pt-br#website\"},\"datePublished\":\"2021-10-06T15:59:21+01:00\",\"dateModified\":\"2021-10-21T12:36:18+00:00\",\"description\":\"The Cybersecurity Maturity Model Certification isn\u2019t just for the DoD; it can be a powerful tool for anyone to boost their security. Learn more.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.n-able.com\/pt-br\/blog\/cmmc-what-is-it-and-why-is-it-important-to-msps#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.n-able.com\/pt-br\/blog\/cmmc-what-is-it-and-why-is-it-important-to-msps\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.n-able.com\/pt-br\/blog\/cmmc-what-is-it-and-why-is-it-important-to-msps#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Security\",\"item\":\"https:\/\/www.n-able.com\/pt-br\/blog\/category\/security\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CMMC: What is it and why is it important to MSPs\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.n-able.com\/pt-br#website\",\"url\":\"https:\/\/www.n-able.com\/pt-br\",\"name\":\"N-able\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/pt-br#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.n-able.com\/pt-br?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.n-able.com\/pt-br#organization\",\"name\":\"N-able\",\"url\":\"https:\/\/www.n-able.com\/pt-br\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/www.n-able.com\/pt-br#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"contentUrl\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"width\":\"1024\",\"height\":\"1024\",\"caption\":\"N-able\"},\"image\":{\"@id\":\"https:\/\/www.n-able.com\/pt-br#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/NableMSP\",\"https:\/\/x.com\/Nable\",\"https:\/\/www.linkedin.com\/company\/n-able\",\"https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.n-able.com\/pt-br#\/schema\/person\/32c214c92846fdd7b16459b9236c12ae\",\"name\":\"Lewis Pope\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g\",\"caption\":\"Lewis Pope\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"What is CMMC? | N-able","description":"The Cybersecurity Maturity Model Certification isn\u2019t just for the DoD; it can be a powerful tool for anyone to boost their security. Learn more.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.n-able.com\/pt-br\/blog\/cmmc-what-is-it-and-why-is-it-important-to-msps","og_locale":"pt_BR","og_type":"article","og_title":"What is CMMC? | N-able","og_description":"The Cybersecurity Maturity Model Certification isn\u2019t just for the DoD; it can be a powerful tool for anyone to boost their security. Learn more.","og_url":"https:\/\/www.n-able.com\/pt-br\/blog\/cmmc-what-is-it-and-why-is-it-important-to-msps","og_site_name":"N-able","article_publisher":"https:\/\/www.facebook.com\/NableMSP","article_published_time":"2021-10-06T14:59:21+00:00","article_modified_time":"2021-10-21T12:36:18+00:00","og_image":[{"width":720,"height":356,"url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/04\/blog-Lewis-Pope-white.jpg","type":"image\/jpeg"}],"author":"Lewis Pope","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/04\/blog-Lewis-Pope-white.jpg","twitter_creator":"@Nable","twitter_site":"@Nable","twitter_misc":{"Escrito por":"Lewis Pope","Est. tempo de leitura":"4 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.n-able.com\/pt-br\/blog\/cmmc-what-is-it-and-why-is-it-important-to-msps#article","isPartOf":{"@id":"https:\/\/www.n-able.com\/pt-br\/blog\/cmmc-what-is-it-and-why-is-it-important-to-msps"},"author":{"name":"Lewis Pope","@id":"https:\/\/www.n-able.com\/pt-br#\/schema\/person\/32c214c92846fdd7b16459b9236c12ae"},"headline":"CMMC: What is it and why is it important to MSPs","datePublished":"2021-10-06T15:59:21+01:00","dateModified":"2021-10-21T12:36:18+00:00","mainEntityOfPage":{"@id":"https:\/\/www.n-able.com\/pt-br\/blog\/cmmc-what-is-it-and-why-is-it-important-to-msps"},"wordCount":790,"publisher":{"@id":"https:\/\/www.n-able.com\/pt-br#organization"},"articleSection":["Head Nerds","Security"],"inLanguage":"pt-BR"},{"@type":"WebPage","@id":"https:\/\/www.n-able.com\/pt-br\/blog\/cmmc-what-is-it-and-why-is-it-important-to-msps","url":"https:\/\/www.n-able.com\/pt-br\/blog\/cmmc-what-is-it-and-why-is-it-important-to-msps","name":"What is CMMC? | N-able","isPartOf":{"@id":"https:\/\/www.n-able.com\/pt-br#website"},"datePublished":"2021-10-06T15:59:21+01:00","dateModified":"2021-10-21T12:36:18+00:00","description":"The Cybersecurity Maturity Model Certification isn\u2019t just for the DoD; it can be a powerful tool for anyone to boost their security. Learn more.","breadcrumb":{"@id":"https:\/\/www.n-able.com\/pt-br\/blog\/cmmc-what-is-it-and-why-is-it-important-to-msps#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.n-able.com\/pt-br\/blog\/cmmc-what-is-it-and-why-is-it-important-to-msps"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.n-able.com\/pt-br\/blog\/cmmc-what-is-it-and-why-is-it-important-to-msps#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Security","item":"https:\/\/www.n-able.com\/pt-br\/blog\/category\/security"},{"@type":"ListItem","position":2,"name":"CMMC: What is it and why is it important to MSPs"}]},{"@type":"WebSite","@id":"https:\/\/www.n-able.com\/pt-br#website","url":"https:\/\/www.n-able.com\/pt-br","name":"N-able","description":"","publisher":{"@id":"https:\/\/www.n-able.com\/pt-br#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.n-able.com\/pt-br?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/www.n-able.com\/pt-br#organization","name":"N-able","url":"https:\/\/www.n-able.com\/pt-br","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.n-able.com\/pt-br#\/schema\/logo\/image\/","url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","contentUrl":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","width":"1024","height":"1024","caption":"N-able"},"image":{"@id":"https:\/\/www.n-able.com\/pt-br#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/NableMSP","https:\/\/x.com\/Nable","https:\/\/www.linkedin.com\/company\/n-able","https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw"]},{"@type":"Person","@id":"https:\/\/www.n-able.com\/pt-br#\/schema\/person\/32c214c92846fdd7b16459b9236c12ae","name":"Lewis Pope","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g","caption":"Lewis Pope"}}]}},"_links":{"self":[{"href":"https:\/\/www.n-able.com\/pt-br\/wp-json\/wp\/v2\/posts\/24833","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.n-able.com\/pt-br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.n-able.com\/pt-br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/pt-br\/wp-json\/wp\/v2\/users\/62"}],"replies":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/pt-br\/wp-json\/wp\/v2\/comments?post=24833"}],"version-history":[{"count":0,"href":"https:\/\/www.n-able.com\/pt-br\/wp-json\/wp\/v2\/posts\/24833\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.n-able.com\/pt-br\/wp-json\/wp\/v2\/media?parent=24833"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}