This CMMC Level 2 Facility Sign is designed for use to give notice on facilities that are Cybersecurity Maturity Model Certification Intermediate Hygiene Level 2 to denote restricted access for facilities or for work centers within facilities. This sign supports implementation for a certification in accordance with the requirements published by the Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB).
Manufactured specially for CVG Strategy, our 3M customized 7 x 10″ Aluminum “CMMC Level 2 Facility Sign” will last years and is suitable for indoor or outdoor applications. This “CMMC Level 2 Facility Sign” is specially made for those companies and facilities that are performing work and services that require CMMC Level 2 Certification. This sign will be a part of CVG Strategy’s Consulting and Training Support for your CMMC Certification to Level 2.
CMMC Level 2 Facility Sign
The CMMC Level 2 Facility Sign front uses a custom 7 x 10″ 3M with titlewhite on blue, with text black on white and black border with white on blue “person signing in” icon showing the following text:
CMMC LEVEL 2
All visitors must register.
Compliance with CMMC PE.1.131,PE.1.32 & P.E.2.135
This”CMMC Level 2 Facility Sign” has mounting holes for a wall or pole frame with one opening in each of the four corners.
Our “CMMC Level 2 Facility Sign” is chemical resistant, high temperature resistant up to 168F and has an outdoor life expected at 10 years or more.
Shipping is included for orders within the contiguous United States.
CMMC PE – Physical Protection
PE.1.131 Limit physical access to organizational information systems, equipment, and the respective
operating environments to authorized individuals.
PE.1.132 Escort visitors and monitor visitor activity.
PE.2.135 Protect and monitor the physical facility and support infrastructure for organizational systems.
This “CMMC Level 2 Facility Sign” is used at many commercial facilities in the United States and are very necessary to warn visitors that the company is committed to its Cybersecurity Maturity Model Certification. It will be controlling access to its buildings and operations. A CMMC Sign will serve as evidence of effort by the company who is seeking a certification that they have made a visible effort to limit physical access (PE.1.1.131) and a policy to escort visitors and monitor visitor activity (PE.1.132) in accordance with the CMMC Model. CMMC Level 2 requires compliance to protect the physical monitor the facility (PE.2.135).
THIS NOTICE SHOULD BE POSTED IN ALL COMMERCIAL FACILITIES WHERE CMMC LEVEL 2 IS BEING PERFORMED IN ACCORDANCE WITH US GOVERNMENT REGULATIONS IN ACCORDANCE WITH THE CMMC MODEL.
The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) recognizes that security is foundational to acquisition. It should not be traded along with cost, schedule, and performance moving forward. OUSD A&S is committed to working with the Defense Industrial Base (DIB) sector to enhance the protection of controlled unclassified information (CUI) within the supply chain. And to support the implementation of the Cybersecurity Maturity Model Certification (CMMC).
- The CMMC will review and combine various cybersecurity standards and best practices and map these controls and processes across several maturity levels that range from basic cyber hygiene to advanced. For a given CMMC level, the associated controls and processes, when implemented, will reduce risk against a specific set of cyber threats.
- The CMMC effort builds upon existing regulation (DFARS 252.204-7012) that is based on trust by adding a verification component with respect to cybersecurity requirements.
- The goal is for CMMC to be cost-effective and affordable for small businesses to implement at the lower CMMC levels.
- The intent is for certified independent 3rd party organizations to conduct audits and inform risk.
Cybersecurity Maturity Model Certification (CMMC) was developed to prevent supply chain attacks by bad actors. Cyberattacks on the contractors and suppliers to the U.S. government pose a serious national security threat of which the Department of Defense is focused mitigate risk. DOD tasked the National Institute of Science and Technology to develop a set of guidelines addressing advanced persistent threats that DOD suppliers face when they are handling high-value data assets also known as Controlled Unclassified Information or CUI. NIST released NIST 800-171 with the intention for its use in non-federal systems (private).
The NIST 800-171 publication provides a set of recommended security requirements for protecting CUI so that it remains confidential and controlled during receipt, storage or transfer. The Cybersecurity Maturity Model Certification (CMMC) is a next step based on the NIST 800-171 development with the difference in that a Certification is now possible. NIST 800-171 had no requirement for a certification.
Implementing the CMMC requirements for a Level 1 Basic Cyber Hygiene and Level 2 Intermediate Cyber Hygiene is a challenge for many companies who cybersecurity is a new thing. For other companies, this level is an intermediate cyber hygiene level. It will need to be satisfied first as they must complete additional requirements as they are move towards a CMMC Level 3 Good Cyber Hygiene Certification.
Currently, DOD Contractors are required by the Department of Defense DOD to comply at contract award with DFARS 252.2-04-7012 which requires NIST 800-171. CVG Strategy recommends that when company’s implement NIST 800-171 that it take into consideration these CMMC cybersecurity controls or security controls. CMMC requirements today, should be treated as a regulation supplement to NIST 800-171. A specified CMMC Level of Cyber Hygiene will be required by the end of 2020.
Certification to a CMMC Level should be considered a minimal goal for all DOD Contractors with the required practices and processes to be implemented in anticipation of a certification to an appropriate cyber hygiene level. DOD Contracts are expected to require CMMC for prime contractors by Q4 2020 (or earlier).
CMMC Level 2 Sign Use
The CMMC Level 2 Facility Sign should be used near all entrances to a company’s facilities and their use should be included in your policies and procedures which direct visitors to a central front desk for entry approval and tracking. Further, it is advised that a badging system be used to identify the security level for your visitors, which may be combines with your ITAR and EAR Compliance Program. Remember, a CMMC Sign is one element of a visible representative or evidence of your compliance with the CMMC Model.