Cybersecurity Maturity Model Certification (CMMC) is a DoD requirement that applies to all organizations in the defense supply chain. The CMMC-AB (CMMC Accreditation Body) is the neutral, accredited, third party that is responsible to certify Assessors and maintain the CMMC standards. The DoD provided the CMMC-AB with version 1.02 of the CMMC model along with other materials.
Belarc's system can be used by Assessors and Organizations Seeking Certification (OSCs) to meet many of the CMMC Model v1.02 controls. See Belarc's mapping to the CMMC Controls below.
For additional information and to request a demo, please fill out the form or send an email to firstname.lastname@example.org
Please let us know if you would like any additional information or to try our hosted demo.
Belarc can help monitor the status of the following controls.
AC.2.006 - Limit use of portable storage devices on external systems.
AM.4.226 - Employ a capability to discover and identify systems with specific component attributes (e.g., firmware level, OS type) within your inventory.
AU.2.041 - Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions.
CM.2.061 - Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles.
CM.2.063 - Control and monitor user-installed software.
CM.5.074 - Verify the integrity and correctness of security critical or essential software as defined by the organization (e.g., roots of trust, formal verification, or cryptographic signatures).
CM.4.073 - Employ application whitelisting and an application vetting process for systems identified by the organization.
IA.1.076 - Identify information system users, processes acting on behalf of users, or devices.
MP.2.121 - Control the use of removable media on system components.
MP.3.123 - Prohibit the use of portable storage devices when such devices have no identifiable owner.
RM.2.142 - Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified.
SI.2.217 - Identify unauthorized use of organizational systems.