CMMC

Cybersecurity Maturity Model Certification

The Department of Defense (DOD) plans to enhance the security of controlled unclassified information (CUI). By 2025, CMMC will be required to bid on DOD contracts, and the quantity and types of DOD contracts you can bid on will depend on your company’s CMMC maturity level.

Level 1. Foundational: 15 Practices; Annual Self Assessment & Annual Affirmation
Level 2. Advanced: 110 Practices aligned with NIST SP 800-17; Triennial third-party assessments for critical national security information and select programs
Level 3. Expert: 110+ Practices based on NIST SP 800-171 and 800-172; Triennial government-led assessments

Requirements

Auditor required to apply?
Yes. By certified independent 3rd party organizations.

Federal, state, or industry requirement?
Yes. Mandatory for all DOD contractors.

Why Seek CMMC?

It’s required to work for the DOD.
Limit your competition for DOD contracts.
Get more contracts and higher-quality ones.
Be one of the first companies to claim CMMC.

A Typical CMMC Engagement

Average Timeline: 3-6 Months to Prepare for a CMMC Assessment

Day 0

Project initiation and kickoff

Identify desired CMMC maturity level

Day 1

Conduct a gap readiness assessment

Day 90

Provide all evidence of closed gaps

CMMC assessment with C3PAO

Day 120

Resolve all findings from the C3PAO

Day 150

Receive CMMC

Let’s get you on the right track.

Fill out the form to talk to a Neutral Partners expert about CMMC, and we’ll be in touch as soon as possible.

"*" indicates required fields