Safeguards for defense contractors

The Cybersecurity Maturity Model Certification (CMMC) is a certification process under development by the US Department of Defense (DoD). Once finalized by DoD, CMMC will require certain cybersecurity practices for many contractors and subcontractors doing business with the DoD. Rapid7’s solutions can help organizations prepare for and achieve CMMC compliance.

CMMC’s 110+ security practices are organized into 14 domains, with each domain representing a general category of cybersecurity control aligned with the NIST 800-171 standard. Contractors that certify at CMMC Level 1 must fulfill 17 security practices and self-assess annually, and Levels 2-3 require 110+ practices and obtain a third-party assessment at least every three years.

Below, learn more about how Rapid7’s solutions can help fulfill each CMMC domain.

CMMC Security Rule

Access Control

Read more

InsightVM & Managed VM
InsightIDR & MDR
InsightAppSec & Managed AppSec
InsightCloudSec
Metasploit
Consulting Services
Awareness and Training

Read more

InsightVM & Managed VM
InsightIDR & MDR
InsightAppSec & Managed AppSec
InsightCloudSec
Metasploit
Consulting Services
Audit and Accountability

Read more

InsightVM & Managed VM
InsightIDR & MDR
InsightAppSec & Managed AppSec
InsightCloudSec
Metasploit
Consulting Services
Configuration Management

Read more

InsightVM & Managed VM
InsightIDR & MDR
InsightAppSec & Managed AppSec
InsightCloudSec
Metasploit
Consulting Services

Incident Response

Read more

InsightVM & Managed VM
InsightIDR & MDR
InsightAppSec & Managed AppSec
InsightCloudSec
Metasploit
Consulting Services
Maintenance

Read more

InsightVM & Managed VM
InsightIDR & MDR
InsightAppSec & Managed AppSec
InsightCloudSec
Metasploit
Consulting Services

Media Protection

Read more

InsightVM & Managed VM
InsightIDR & MDR
InsightAppSec & Managed AppSec
InsightCloudSec
Metasploit
Consulting Services

Personnel Security

Read more

InsightVM & Managed VM
InsightIDR & MDR
InsightAppSec & Managed AppSec
InsightCloudSec
Metasploit
Consulting Services

Physical Protection

Read more

InsightVM & Managed VM
InsightIDR & MDR
InsightAppSec & Managed AppSec
InsightCloudSec
Metasploit
Consulting Services

Risk Assessment

Read more

InsightVM & Managed VM
InsightIDR & MDR
InsightAppSec & Managed AppSec
InsightCloudSec
Metasploit
Consulting Services

Security Assessment

Read more

InsightVM & Managed VM
InsightIDR & MDR
InsightAppSec & Managed AppSec
InsightCloudSec
Metasploit
Consulting Services

Systems and Communications Protection

Read more

InsightVM & Managed VM
InsightIDR & MDR
InsightAppSec & Managed AppSec
InsightCloudSec
Metasploit
Consulting Services

Systems and Information Integrity

Read more

InsightVM & Managed VM
InsightIDR & MDR
InsightAppSec & Managed AppSec
InsightCloudSec
Metasploit
Consulting Services

Rapid7 CMMC Brief

If you seek DoD or DHS contracts, you may be required to demonstrate sound cybersecurity practices and processes through CMMC. Rapid7 can explain what’s required, and our solutions can help your company achieve and maintain compliance.

Download the CMMC Brief