Professional Documents
Culture Documents
CMMC 2.0
Cybersecurity Maturity Model Certification 2.0 Achieving CMMC 2.0 With Self-Learning AI Defense
The Cybersecurity Maturity Model Certification 2.0 (CMMC 2.0) is a framework used Darktrace delivers AI-powered threat detection, investigation, and response that
to assess the cybersecurity posture of contractors and subcontractors working can support organizations in their journey towards cyber maturity as defined
with the US Department of Defense (DoD). It maps specific controls and processes by the CMMC 2.0 framework. Through a unified platform approach, Darktrace
associated with various cybersecurity standards to three maturity models, ranging provides autonomous cyber defense across the entire enterprise, from cloud,
from basic cyber hygiene to advanced. SaaS, and email environments, to corporate networks, remote endpoints, and
cyber-physical systems.
The initial version of CMMC (CMMC 1.0) was published by the DoD in September 2020.
In November 2021, the DoD announced CMMC 2.0 which included a streamlined With Self-Learning AI, the Darktrace learns what normal behavior looks like across
model, reliable assessments, and flexible implementation. Specific changes in the business in order to spot the subtle deviations that signal an attack, from
CMMC 2.0 include the following: reducing the model from 5 to 3 compliance levels; novel ransomware to stealthy insiders.
allowing companies at Level 1 and Level 2 to demonstrate compliance through
The technology spots emerging threats in real time with the Enterprise
self-assessment; and allowing companies to make Plans of Action & Milestones
Immune System, performs automatic investigations with Cyber AI Analyst, and
(POA&Ms) to achieve certification or waive CMMC requirements, both under certain
autonomously contains threats with Darktrace Antigena – all without relying on
limited circumstances.
any rules, signatures, or prior assumptions.
CMMC 2.0 has largely been put in place to verify organizational compliance with NIST
800-171 standards and ensures the security of Controlled Unclassified Information Darktrace and CMMC: Framework Applicability
(CUI) that resides on DOD industry partners’ networks. It will be incorporated into
the Defense Federal Acquisition Regulation Supplement (DFARS) and used as a Presented below is a guide showing how Darktrace can assist organizations in
requirement for awarding contracts. working towards CMMC 2.0 practices and associated maturity levels.
The framework is designed to allow smaller businesses to implement the controls For more information on how Darktrace capabilities map to the NIST framework,
associated with lower levels of maturity in a cost-effective and affordable way, while please see our white paper on Darktrace and NIST.
organizations with more resources can build to advanced maturity. Each DOD
contract specifies a required level of CMMC 2.0 certification.
It will be critical for all organizations that may affect the security of CUI to have some
level of CMMC 2.0 compliance at every level of the contractor supply chain. This
requires visibility and cyber defense of CUI across the entire lifecycle of the data and
anywhere it may be stored, transmitted, and processed.
Compliance Support | 2
CMMC Level
CMMC 2.0 Framework Applicability
Requirement
Prevent non-privileged users from executing Darktrace can monitor and identify
Privileged Functions AC.3.018 privileged functions and capture the anomalous user activity. This would include N/A S N/A
execution of such functions in audit logs. anomalous logins from low privelaged users.
Provide audit record reduction and report Darktrace AI can support investigation
Reduction &
AU.3.052 generation to support on-demand analysis of anomalous events including full N/A S N/A
Reporting
and reporting. automation for a subset of event criteria.
Protect and monitor the physical facility and Darktrace can support the monitoring and
Physical Protection Monitor Facility PE.2.135 support infrastructure for organizational reporting on physical protection control N/A S N/A
systems. programs.