New framework: CMMC Level 3 now available on Scrut

What's new?

Scrut now supports CMMC Level 3 as part of our growing library of over 60 compliance frameworks.

What is CMMC Level 3?

The Cybersecurity Maturity Model Certification (CMMC) is a unified standard for implementing cybersecurity across the Defense Industrial Base (DIB). The framework is designed to protect Controlled Unclassified Information (CUI) that is shared with external partners and contractors.

CMMC Level 3 is a mandatory certification for organizations that handle and process CUI. It builds upon the foundational cybersecurity practices of Levels 1 and 2, requiring an additional 24 security requirements on top of the 110 from NIST SP CMMC Level 2, along with practices to ensure a comprehensive and mature security posture.

Why it matters

Achieving CMMC Level 3 certification is essential for any organization seeking to bid on or maintain contracts with the U.S. Department of Defense. This update provides critical value to your team, enabling you to manage all requirements within a single, integrated platform. This helps you demonstrate the maturity and rigor required for CMMC certification faster and with less manual overhead.

How it works

Scrut now supports CMMC Level 3 in the Frameworks module, empowering customers to:

• Add and track compliance requirements: Add CMMC Level 3 to your Frameworks module to track its requirements.

• Leverage pre-mapped controls: Reduce effort by using pre-mapped controls for your internal policies, evidence, and configurations.

• Use cross-framework mappings: Leverage mappings with ISO 27001, CIS, and NIST to reduce redundant work.

• Manage implementation status: Assign control owners and monitor the implementation status of each requirement.

• Download readiness reports: Prepare for certification or internal reviews by downloading readiness reports.

Need help?

Your Customer Success Manager (CSM) is always ready to help if you need assistance. Explore all recent product updates → View now.