In our previous blog, we discussed the purpose of Level 3 and the requirements that potential contractors will need to meet to achieve Level 3 readiness. As we continue along the maturity model to Level 4, we will provide *Readiness Notes* to point out potential roadblocks for achieving Cybersecurity Maturity Model Certification (CMMC) Level 4 readiness. Purpose of Level 4 Potential contractors’ cybersecurity maturity is measured with five levels in the CMMC model. Level 4’s purpose is to protect Controlled Unclassified Information (CUI) and reduce risk of Advanced Persistent Threats (APTs). What classifies as an APT? The CMMC describes an APT as an adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). Level 4 requires the potential contractor to review and measure practices for effectiveness, as well as taking corrective action when necessary and regularly inform higher levels of management regarding issues. Level 4 focuses on the protection of CUI from APTs with an additional subset of the enhanced security requirement from Draft NIST SP 800-171B  and other cybersecurity best practices. The practices should enhance the detection and response capabilities of the potential contractor to address and adapt to the changing tactics, techniques, and procedures (TTPs) used by APTs.