looking for security management products going for cmmc level 3 compliance

david austin

we are working on CMMC lvl 3 so we need products that can help us

sturdyerde

Have you already fulfilled levels one and two of the CMMC model? How familiar are you with the span of the model? The first levels are focused on performing and documenting proper cyber security hygiene practices. Level 3 indicates that your organization has implemented the required practices and is actively monitoring their compliance and effectiveness. This spans many different "domains" of cyber security practices, which could each require different sets of tools to be implemented. Just a few examples of the domains include access control, asset management, configuration management, identification and authentication, incident response, recovery, and security assessment. 

Given the breadth of tools and practices that will need to be implemented, you may find it helpful to step back, review the overall requirements, and build a team of stakeholders to help drive a CMMC program forward in your organization. That list of people will likely include members of IT's security, infrastructure, operations / service desk, and application teams, along with your compliance team. 

Here are a couple of resources that may help: 

• CMMC_Model_Main_20200203.pdf (osd.mil)
• CMMC Compliance for Defense Contractors | NeoSystems LLC (neosystemscorp.com), CMMC Level 3 | Requirements & Steps to Achievement (neosystemscorp.com)
• CMMC Level 3 Guide | Cybersecurity Maturity Model Certification (summit7systems.com)
• Regulatory Compliance details for CMMC Level 3 - Azure Policy | Microsoft Docs

From those links, Summit7 Systems does list some specific tools that can help reach compliance with specific domains of the CMMC model, but I'd suggest you try to build a holistic plan before making any purchases.