Empowering Small Businesses with Big IT Solutions
You don't have to be part of the DoD to follow high security standards.
The Cybersecurity Maturity Model Certification framework includes a comprehensive and scalable certification element to verify the implementation of processes and practices associated with the achievement of a cybersecurity maturity level.
What level are you?
Level 1 demonstrates “Basic Cyber Hygiene”
Level 2 demonstrates “Intermediate Cyber Hygiene”
Level 3 demonstrates “Good Cyber Hygiene”
Level 4 demonstrates “Proactive” cybersecurity
Level 5 demonstrates “Advanced / Progressive” cybersecurity
verify implementation of cybersecurity requirements
Access Control (AC)
Audit and Accountability (AA)
Asset Management (AM)
Access control is a fundamental security domain and set of security principles.
Asset Management (AM)
Audit and Accountability (AA)
Asset Management (AM)
Asset Management (AM) is a building block of cybersecurity.
Audit and Accountability (AA)
Audit and Accountability (AA)
Audit and Accountability (AA)
To oversight users and transactions, trace and track their activities audit logs are required.
Awareness and Training (AT)
Identification and Authentication (IDA)
Audit and Accountability (AA)
Everyone from the board room to the shop floor needs to be made aware of what cyber risk management is and what part they play daily in protecting the organisation.
Configuration Management (CM)
Identification and Authentication (IDA)
Identification and Authentication (IDA)
It reduces operating costs, simplifies maintenance and improves security.
Identification and Authentication (IDA)
Identification and Authentication (IDA)
Identification and Authentication (IDA)
It enables organisations to keep their systems secure by allowing only those users it has identified and authenticated to access systems appropriately.
Incident Response (IR)
Incident Response (IR)
Incident Response (IR)
In the event that an organisation suffers a cyber-attack, it is critical that they are prepared to deal with it.
Maintenance (MA)
Incident Response (IR)
Incident Response (IR)
Regular systems maintenance ensures the smooth running of operations and reduces the risk break down.
Media Protection (MP)
Incident Response (IR)
Personnel Security (PS)
Without data and information organisations would not be able to operate. Data forms important IP for the company.
Personnel Security (PS)
Physical Protection (PP)
Personnel Security (PS)
People are an organisations most important assets, they create the IP upon which companies depend.
Physical Protection (PP)
Physical Protection (PP)
Physical Protection (PP)
Without physical protection it is it not possible to protect assets such as the computers, laptops, servers which hold the company’s IP. I
Recovery (RE)
Physical Protection (PP)
Physical Protection (PP)
It is important that an organisation has a recovery plan in place, a plan which identifies and tests various organisational specific disaster scenarios and enables the organisation to resume as quickly and seamlessly as possible.
Risk Management (RM)
Situational Awareness (SA)
Security Assessment (SAS)
Managing cyber-attacks and the consequences of a cyber-attack is an enterprise wide risk management issue.
Security Assessment (SAS)
Situational Awareness (SA)
Security Assessment (SAS)
Security assessment is an evaluation of the security posture of the organisation.
Situational Awareness (SA)
Situational Awareness (SA)
System and Communications Protections (SCP)
Organisations are under a constant threat from cyber-attack.
System and Communications Protections (SCP)
System and Communications Protections (SCP)
System and Communications Protections (SCP)
All these devices, networks, communications, and data need to be secured appropriately.
System and Information Integrity (SII)
System and Communications Protections (SCP)
System and Information Integrity (SII)
Requires the adoption of a broad range of security practices including the remediation of known software flaws (security by design, vulnerability scanning and patch management),
Copyright © 2024 Information Technology Professionals - All Rights Reserved.
This website uses cookies.
We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.