Level 3, the Expert level, is intended for contractors handling high-value assets and information of critical importance to national security. Companies seeking Level 3 certification must demonstrate advanced cybersecurity capabilities to protect against sophisticated, state-sponsored threats and advanced persistent threats (APTs).
Level 3 is based on the requirements outlined in NIST Special Publication 800-172 and builds upon the practices established in Levels 1 and 2. Beyond the 110 practices from NIST SP 800-171 covered in Level 2, Level 3 includes additional enhanced security requirements designed to provide a higher level of protection. These enhanced requirements are tailored to counter APTs and are highly technical, focusing on proactive threat hunting, incident response, and system recovery processes.
Key components of Level 3 certification include:
- Advanced Threat Hunting: Conducting proactive searches within the network to detect potential indicators of compromise (IOCs) before they are known or identified by traditional signature-based detection methods.
- Enhanced Incident Response: Developing and implementing an incident response plan that includes preparation, detection, analysis, containment, eradication, and recovery.
- Resilient System Architecture: Building systems with the capability to withstand and recover from a cyber attack, ensuring the continuity of critical operations even when certain components are compromised.