The certification is a formal assessment to evaluate “defense contractor compliance with existing information safeguarding requirements for federal contract information (FCI) and controlled unclassified information (CUI),” per the DoW.
“Every mission we support depends on trust, trust that information is protected, systems are resilient, and operations can continue even in the face of emerging cyber threats,” said James Gresham, Associate Director, Information Security at Riverside Research. “This certification confirms that Riverside operates with the level of maturity and discipline required to support the nation’s most critical missions.”
The three tiers of the CMMC model allow defense contractors to ramp up their compliance with federal government standards. Contractors meet requirements via assessments provided by authorized CMMC third-party assessment organizations (C3PAOs) to members of the defense industry base (DIB). Certain government contracts mandate CMMC status and level as a requirement.
CMMC Tiers
The CMMC tiers are as follows:
Level 1: FCI Basic Safeguarding to meet 15 security requirements outlined in FAR clause 52.204-21.
Level 2: Broad CUI Protection focusing on how information is transmitted, processed, and stored digitally. This compliance level mandates meeting 110 security requirements from NIST SP 800-171 Revision 3.
Level 3: Higher-level Protection of CUI Against Advanced Persistent Threats requires CMMC Final Level 2 status, a Defense Contract Management Agency (DCMA) Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) assessment run every three years, and compliance with 24 requirements from NIST SP 800-172.
Riverside Research has earned and currently maintains Level 2 status. Our compliance is an integral part of our mission focus.