The Department of Defense initiated the CMMC security program and took effect in September 2020. The CMMC certification is required by organizations supporting DoD contracts, or in some cases by organizations that provide services to defense contractors. Even organizations that do not deal directly with the DoD may be asked by customers to comply with CMMC to help support their certification.
CMMC outlines a set of controls (capabilities) and practices that are designed to ensure companies are applying adequate controls for the protection of two data categories:
CMMC sets forth five maturity levels that require increasing numbers of controls and practices, depending on the type of data being processed, or requirements stated within the contract.
Level 1 is the lowest level of maturity, contained only 17 practices, with Level 5 requiring 171 practices
System Security Plan (SSP) template
CMMC Control Scorecards
Plan of Action Milestones (POAM)
Agility is pre-configured with all the tools and templates you need to implement your CMMC program.
Easily track program status, control compliance, document status and remediation all within your or Ekko hosted Atlassian Cloud instance.
Agility provides you everything you need to start your CMMC program
Pre-built CMMC compliant policy templates
Establish your control baseline and program starting point
CMMC requires an external C3PAO to conduct your certification audit
Agility provides you all the tools to implement, track and remediate your CMMC Information Security program
Conduct your Internal readiness assessment inside Agility
Conduct your CMMC certification audit with your selected registrar audit firm
Agility helps you maintain your ISMS