Contact: 571-249-1290

 Cybersecurity Maturity Model Certification (CMMC)

Download the most recent presentation on the CMMC from the Office of the Under Secretary of Defense for Acquisition and Sustainment.


As cyber threats become more damaging and complex, the Department of Defense (DoD) is developing a new cybersecurity compliance certification model to secure its Defense Industrial Base (DIB) and its communication with private partners. It is called the Cybersecurity Maturity Model Certification (CMMC), and it will build upon the existing DFARS 252.204-7012 and NIST 800-171 controls.

The CMMC has five levels of certification ranging from ‘Basic Cyber Hygiene’ to ‘Progressive’. Each level requires the implementation of a certain number of cybersecurity controls given in the CMMC framework. The eligibility of contractors will be assessed based on the implementation of these levels. For example, the highest level (Level 5 – Progressive/Advanced) will be necessary for the companies that seek DoD’s critical contracts. So, the higher your CMMC level, the more impressive your bid will be and the more contracts you can bid on!


Contractors compliant with NIST 800-171 should be able to receive Level 3 certification under the CMMC, a level whose requirements are sufficient for 99% of companies.


Organizations that have implemented the baseline security but have not kept up with continuous monitoring activities and the relevant documentation should conduct another gap assessment before going through the certification process. The assessment determines to what extent they have lapsed in the security requirements and how much work is needed to get back to the baseline security level.

Secure Open Solutions has everything it takes to achieve and maintain the compliance level that your company needs to compete for DoD contracts. The CMMC and its guidelines may seem a little overwhelming and sometimes expensive, but SOS will only provide compliance plans that are completely customized to your company’s needs with flexible pricing for small businesses. We are veteran-owned and have been assisting defense contractors for many years, giving us a comprehensive knowledge of the DoD’s cybersecurity requirements and their process of evaluation. We currently handle: 

  • DFARS / NIST 800-171 Cybersecurity Compliance
  • DSS Risk Management Framework (RMF)
  • FISMA Compliance