CMMC 2.0: DoD Supply Chain Security
The Three Levels of CMMC 2.0
CMMC 2.0 has further simplified the previous model so that small companies can also comply with it:
Level 1: Foundational (15 Practices)
This level is for companies that handle only Federal Contract Information (FCI). An annual self-assessment is mandatory.
Level 2: Advanced (110 Practices)
This level aligns with NIST SP 800-171. Companies that handle Controlled Unclassified Information (CUI) must obtain this certification. In most cases, an audit by a C3PAO is required.
Level 3: Expert (110+ Practices)
This is the highest level and is based on NIST SP 800-172. It applies only to contracts that are highly sensitive, and it is audited directly by the DoD.
Compliance Roadmap
To obtain certification, the following steps must be completed:
| Step | Description |
|---|---|
| Identify Data | Determine whether you handle FCI or CUI. |
| Gap Analysis | Find the difference between your existing security controls and the required practices. |
| Implementation | Put policies and technical controls in place in line with NIST 800-171. |
| Audit/Assessment | Depending on your level, self-assess or hire a C3PAO. |
⚖️ CMMC 1.0 vs 2.0: What Changed?
CMMC 2.0 has made many things easier:
- The number of levels was reduced from 5 to 3.
- Practices were kept aligned solely with NIST standards.
- Self-assessment was permitted for small companies (for Level 1 and some Level 2 contracts).