Cybersecurity Maturity Model Certification
The Department of Defense (DOD) plans to enhance the security of controlled unclassified information (CUI). By 2025, CMMC will be required to bid on DOD contracts, and the quantity and types of DOD contracts you can bid on will depend on your company’s CMMC maturity level.
- Level 1. Foundational: 15 Practices; Annual Self Assessment & Annual Affirmation
- Level 2. Advanced: 110 Practices aligned with NIST SP 800-17; Triennial third-party assessments for critical national security information and select programs
- Level 3. Expert: 110+ Practices based on NIST SP 800-171 and 800-172; Triennial government-led assessments
Auditor required to apply?
Yes. By certified independent 3rd party organizations.
Federal, state, or industry requirement?
Yes. Mandatory for all DOD contractors.
Why Seek CMMC?
- It’s required to work for the DOD.
- Limit your competition for DOD contracts.
- Get more contracts and higher-quality ones.
- Be one of the first companies to claim CMMC.
A Typical CMMC Engagement
Average Timeline: 3-6 Months to Prepare for a CMMC Assessment
Project initiation and kickoff
Identify desired CMMC maturity level
Conduct a gap readiness assessment
Provide all evidence of closed gaps
CMMC assessment with C3PAO
Resolve all findings from the C3PAO
Let’s get you on the right track.
Fill out the form to talk to a Neutral Partners expert about CMMC, and we’ll be in touch as soon as possible.
"*" indicates required fields