How Does A Level 4 Certification Compare With Level 3?
Level 4 requires that an organization review and measure practices for effectiveness. In addition, organizations at this level must be able to take corrective action when necessary and inform higher-level management of status or issues on a recurring basis.
Level 4 focuses on the protection of Controlled Unclassified Information (CUI) from Advanced Persistent Threats (APTs) and encompasses a subset of the enhanced security requirements from Draft NIST SP 800-171B as well as other cybersecurity best practices. These practices enhance the detection and response capabilities of an organization to address and adapt to the changing tactics, techniques and procedures (TTPs) used by APTs.