MSU SBDC CyberSecurity

Level 3 Header


level 3 graphic image Level 3 requires that an organization establish, maintain, and resource a plan demonstrating the management of activities for practice implementation. The plan may include information on missions, goals, project plans, resourcing, required training, and involvement of relevant stakeholders.

As a good cyber hygiene level, Level 3 was designed for the protection of CUI in government contracts. It encompasses all of the security requirements specified in NIST SP 800-171 as well as additional practices from other standards and references to mitigate threats.

Government contractors that are required to comply with practices up to Level 3 should also be aware of the incident reporting requirements listed in DFARS clause 252.204-7012 ("Safeguarding of Covered Defense Information and Cyber Incident Reporting").

For official CMMC details visit the CMMC Accreditation Body website and the official DoD website.

MSU SBDC Cybersecurity is not a certifying body and has no affiliation with the CMMC Accreditation Board (CMMC-AB).