You will need the CMMC Certification to be awarded DOD contracts in the near future. We are a full-service CMMC assessment preparation company focused on solutions for small business. 

Learn More

Note: Companies will not need the CMMC certification to bid on DoD RFPs.  Companies will need the CMMC certification in order to be awarded contracts with the CMMC requirement. 

What is the CMMC?

The CMMC is the Cybersecurity Maturity Model Certification, and a specified level of CMMC certification will be listed as a requirement in all Department of Defense RFPs beginning in late Fall 2020.  The maturity model has five levels of cybersecurity maturity, with Level 1 requiring basic cyber hygiene and Level 5 requiring advanced cybersecurity controls.  All companies (large and small) will be required to receive a third-party assessment and certification of their company's network to ensure they are complying with their prescribed level of cybersecurity maturity according to the RFP.  

What about DFARS (NIST 800-171)?

The intent of the CMMC is to combine various cybersecurity control standards such as NIST SP 800-171, NIST SP 800-53, ISO 27001, ISO 27032, AIA NAS9933 and others into one unified standard for cybersecurity. In addition to cybersecurity control standards, the CMMC will also measure the maturity of a company’s institutionalization of cybersecurity practices and processes.