|Basic Cyber Hygiene – 17 practices|
Focuses on the protection pf Federal Contract Information. Only Basic safeguarding practices are included to meet requirements defined in 48 CFR 52.204-21.
|Intermediate Cyber Hygiene – 72 Practices|
Includes a subset of security requirements specified in NIST SP 800-171. Organizations should establish and document information security practices and policies.
|Good Cyber Hygiene – 130 Practices|
Includes all security requirements specified in NIST SP 800-171. Organizations should establish, maintain, and resource an information security plan that addresses how Controlled Unclassified information is protected.
|Proactive – 156 Practices|
Focuses on protection of Controlled Unclassified Information from Advanced Persistent Threats and introduces security requirements from NIST SP 800-171B. Organizations should regularly review and measure practices for effectiveness.
|Advanced/Progressive – 171 Practices|
Focuses on Protecting Controlled Unclassified Information from Advanced Persistent Threats using additional practices that increase the depth and sophistication of the organization’s cybersecurity capabilities.