???? Key Requirements (110 Controls)
Level 2 mein total 110 security controls hote hain jo 14 mukhtalif domains mein divide kiye gaye hain. In mein se kuch aham domains ye hain:
- Access Control: Sirf authorized logon ko hi sensitive data tak rasai dena.
- Incident Response: Cyber attack ki surat mein teizi se action lene ka plan.
- Risk Assessment: Apne systems mein kamzoriyon (vulnerabilities) ko pehchanna.
- System and Communications Protection: Network traffic ko encrypt aur secure karna.
???? Assessment Ka Tareeqa
Level 2 mein do tarah ke assessments ho sakte hain (contract ki shart par mabni):
- Self-Assessment: Har saal contractor ko khud ko audit karna hota hai aur score SPRS mein submit karna hota hai.
- Third-Party Assessment (C3PAO): Har 3 saal baad aik certified organization aapka physical aur technical audit karti hai.
???? Level 1 vs Level 2 Comparison
| Feature | Level 1 (Foundational) | Level 2 (Advanced) |
|---|---|---|
| Controls Count | 15 Controls | 110 Controls |
| Data Type | FCI (Federal Contract Info) | CUI (Controlled Unclassified Info) |
| Standards | FAR 52.204-21 | NIST SP 800-171 Rev 2/3 |
| Audit Frequency | Annual Self-Assessment | Triennial C3PAO Audit |
cmmc level 2
????️ Tyyari Kaise Karein? (The Roadmap)
Level 2 hasil karna mahino ka kaam hai. Iske liye in steps par amal karein:
- Perform a Gap Analysis: NIST 800-171 ki checklist uthayein aur dekhein aap kahan khare hain.
- Create an SSP (System Security Plan): Ye document batata hai ke aap har control par kaise amal kar rahe hain.
- Develop a POAM: Jo gaps reh gaye hain, unhe kab tak theek karenge, iska plan banayein.
- Evidence Collection: Screenshots, log files, aur policies jama karein jo aapka claim sabit karein.
Kya aapko Level 2 ki mukammal 110 controls ki checklist chahiye?
Main aapko bata sakta hoon ke kin controls mein sab se zyada log fail hote hain. Kya aap mazeed details chahte hain?