MSU SBDC CyberSecurity

Level 3 Header


level 3 graphic image Level 3 requires that an organization establish, maintain, and resource a plan demonstrating the management of activities for practice implementation. The plan may include information on missions, goals, project plans, resourcing, required training, and involvement of relevant stakeholders.

As an good cyber hygiene level, lLevel 3 focuses on the protection of CUI and encompasses all of the security requirements specified in NIST SP 800-171 [4] as well as additional practices from other standards and references to mitigate threats.

It is noted that DFARS clause 252.204-7012 ("Safeguarding of Covered Defense Information and Cyber Incident Reporting") [5] specifies additional requirements beyond the NIST SP 800-171 security requirements such as incident reporting.

CMMC Domains

The CMMC model consists of 17 domains. The majority of these domains originate from the security-related areas in Federal Information Processing Standards (FIPS) Publication 200 [12] and the related security requirement families from NIST SP 800-171 [4]. Level 3 consist of the following CMMC domains.

Click each domain to review the practices specified for level 3 accreditation.
AC Domain ButtonAM Domain Button