Ready to Schedule a Consultation?

What You Need To Know

The Cybersecurity Maturity Model Certification (CMMC) is the standard response from the Department of Defense regarding notable compromises within contractors' information systems. It is used for implementing cybersecurity throughout the defense industrial base (DIB), which consists of over 300,000 organizations.

Latest Update

Version 1.0 was published January 31, 2020

Who Requires It?

All Department of Defense contractors require a CMMC certification, including all suppliers in the supply chain, SMBs, commercial contractors, and foreign suppliers.


Contractors are responsible for implementing, monitoring, and certifying proper security is in place for protecting their data systems and any important DoD information. However, an independent 3rd party is also required to assess the contractors' compliance.


Five (5) certification levels are required to confirm proper security:
1. Fundamental Cyber Hygeine - using antivirus applications, employee password update protocols
2. Intermediate Security - protection of Controlled Unclassified Information (CUI) using portions of the S Department of Commerce National Institute of Standards and Technology's (NIST’s) Special Publication 800-171 Revision 2 (NIST 800-171 r2) security requirements.
3. Utilizing all NIST 800-171 r2 Security Requirements in an organization-wide cyber protection plan
4. A review board is in place to evaluate instilled practices, techniques and procedures
5. Set a standard process to detects and respond.

5 of 5  
Coyote Brown
vCISO - Virtual CISO - Virtual Chief Information Officer Services

We are a Cyber Security Consulting & Advisory Firm composed of highly experienced strategic cybersecurity advisors and consultants helping clients maintain a healthy cyber security posture.

4.8 of 5  
Palo Alto Networks
We’re committed to delivering security without compromise

Palo Alto Networks, Inc., operates a multinational cybersecurity company that provides advanced firewalls and cloud-services.

4.8 of 5  
Strike Graph
Get certified. Build trust. Win deals.

Strike Graph customers earn audited SOC2 security certifications with confidence.

appviewx netops secops devops automation
0 of 5  

AppViewX is the Next-Gen Machine Identity Management, Automation and Orchestration platform for Enterprise IT.

4.8 of 5  
Cyber Security Brand Protection, Website Takedowns, Trademark Infringement, Dark Web Monitoring

BrandShield provides Cyber Security Brand Protection, Website Takedowns, Trademark Infringement, Dark Web Monitoring and prevents, detects and fights online scams: phishing attacks, fraud, executive impersonations and more.

deceptive bytes cyber threat protection
0 of 5  
Deceptive Bytes

Deceptive Bytes provides an Active Endpoint Deception platform that dynamically responds to attacks as they evolve and changes their outcome.

0 of 5  
Fortalice Solutions
We transform a reactive security model into a proactive, results-based model.

Their highly-skilled practitioners are trained to meet clients where they are – whether that be in the midst of a crisis or proactively seeking cybersecurity services.

0 of 5  

Infoblox delivers essential technology to enable customers to manage, control and optimize DNS, DHCP, IPAM (DDI).

infocyte cyber security threat detection
0 of 5  

Infocyte is a globally trusted leader in proactive threat detection, Microsoft 365 security compliance, and incident response.

0 of 5  
Kenna Security

Kenna Security saves you time and money, and helps your Security and IT teams work more efficiently.

lacework cyber security compliance
0 of 5  

Lacework delivers security and compliance for the cloud.

trend micro security email networks
0 of 5  
Trend Micro

A global leader in cybersecurity that helps make the world safe for exchanging digital information.

blackpoint cyber mdr
4.7 of 5  
Blackpoint Cyber
Managed Detection and Response

Blackpoint Cyber is a technology-focused cybersecurity company headquartered in Maryland, USA. The company was established by former US Department of Defense and Intelligence security experts and leverages its real-world cyber experience and knowledge of malicious tradecraft to help MSPs safeguard their infrastructure and operations.

semperis identity protection cybersecurity
0 of 5  

Semperis is the pioneer of identity-driven cyber resilience for cross-cloud and hybrid environments.

vanta automated security compliance
0 of 5  

Automated security monitoring for compliance certifications: SOC 2, HIPAA, and ISO 27001

tugboat logic soc 2
0 of 5  
Tugboat Logic

Like the immortal tugboat, we're passionate about guiding you through the rough seas of information security and privacy into the calm waters of proven policies, practices and compliance.

drata security compliance
4.9 of 5  
Security Compliance Software - GRC - SOC 2 - ISO27001
0 of 5  
Gradient Cyber
Trusted Security Operations as a Service.

Gradient is a total solution that is a powerful combination of proprietary technology and Sr. Cybersecurity Analysts that make the job of managing security much easier for smaller IT teams; without breaking the bank.

4.4 of 5  
Email Security, CMMC Certified Email Security, Secure File Transfer, Secure Web Forms, Secure API, DoD Security, DoD Contractor CMMC Security, Secure Content Communication

Kiteworks mission is to empower organizations to manage risk effectively when sending, sharing, receiving, and storing sensitive content. The Kiteworks platform is designed to deliver content governance, compliance, and protection to our customers. Platforms unify, track, control, and secure sensitive content within, into, and out of organizations, enhancing risk management and ensuring regulatory compliance.