CMMC Overview

What is CMMC and Who Does it Impact?

US Department of Defense (DoD) contractors are currently required to implement 110 NIST SP 800-171 practices to protect Controlled Unclassified Information (CUI) under current DFARS 252.204-7012 contract obligations. The Cybersecurity Maturity Model Certification (CMMC), a three (3) level cybersecurity standards program, will also require organizations handling CUI to meet those same 110 practices and to pass a third-party assessment at Level 2. The Department of Defense projects CMMC Interim Rule contracts will be in place by March 2023.

With deadlines approaching, securing a trusted CMMC partner is essential. Coalfire Federal has 20 years of experience providing advanced cyber support to highly regulated organizations in the Defense Industrial Base. As one of only a handful of CMMC Third-Party Assessor Organizations (C3PAOs), we are uniquely qualified to guide you in your CMMC compliance journey. Connect with us today and learn how Coalfire Federal can help you reach your compliance goals with verifiable, accurate results.

What is CMMC 2.0?

CMMC 2.0 is the next iteration of the Department’s CMMC cybersecurity model. It streamlines requirements to three levels of cybersecurity and aligns the requirements at each level with well-known and widely accepted NIST cybersecurity standards.

The Department’s model will significantly improve its supply chain security posture and acquisition confidence.

  • Self-assessments – A CMMC self-assessment is acceptable only for companies whose sole requirement is to protect the information systems on which FCI is processed, stored or transmitted. Organizations conducting self-attestations for CMMC Level 1 will require an annual self-assessment and an annual affirmation by a senior company official.
  • Security Practice Alignment – CMMC 2.0 is intended to accommodate a majority of DIB contractors that only handle FCI by eliminating maturity process requirements for CMMC Level 1. CMMC Level 2 is designed to align with NIST SP 800-171 and its 110 security practices while eliminating all CMMC-specific and unique security practices.
  • Increased Vigilance – Instead of check-the-box compliance, organizations must think more in-depth about becoming secure and staying that way. Increased vigilance will likely be necessary to achieve and maintain cyber maturity.
Level 1 – Foundational

Applies to companies that focus on the protection of Federal Contract Information (FCI).

Level 2 – Advanced

Applies to companies handling Controlled Unclassified Information (CUI).

Level 3 – Expert

Intended for companies that work with CUI on the Department of Defense’s highest-priority programs.

What Role Does the Cyber AB Play in the CMMC Process?

The Cyber AB is the official accreditation body of the Cybersecurity Maturity Model Certification (CMMC) Ecosystem and the sole authorized non-governmental partner of the U.S. Department of Defense in implementing and overseeing the CMMC conformance regime.

The accreditation body verifies the credentials and qualifications of C3PAOs and ensures that they can deliver the appropriate guidance for contracting companies that are trying to meet the compliance requirements. It also establishes the framework and standards for becoming a C3PAO.

Where are you in your CMMC Journey?

Coalfire Federal was among the first group of companies to be selected as a CMMC Registered Provider Organization (RPO) and CMMC Third-Party Assessor Organization (C3PAO). Regardless of where you are in your compliance journey, our CMMC advisory and assessment services can help you effectively plan and prepare for your CMMC Certification.

I Need to Become CMMC Assessment-Ready

CMMC requirements are exacting. Coalfire Federal can help you effectively prepare to become CMMC-Ready. Leveraging our C3PAO expertise, we know how to prepare for the CMMC Certification Assessment and can guide you through the process. Our suite of services includes:

  • CMMC CUI Boundary Workshop to assist in the determination of in-scope organizational and system environments.
  • CMMC Gap Analysis to evaluate your organization’s current readiness state against CMMC practices.
  • CMMC Remediation planning and support to close identified cybersecurity gaps and achieve Certification-ready status.

I Am Ready for my CMMC (C3PAO) Assessment

Among the first group of authorized C3PAO companies and the first to have CMMC Provisional Assessors on staff, Coalfire Federal is uniquely qualified with the CMMC expertise to accurately assess your environment, security practices, and maturity level against the CMMC framework. Coalfire Federal offers the following CMMC assessment services:

  • CMMC Readiness Review to unofficially determine your organization’s readiness state to proceed with the official CMMC Certification Assessment.
  • CMMC Mock Assessment, our unofficial, comprehensive assessment that mirrors the Certification Assessment and is designed to help you predetermine the likely outcome and your team’s readiness during an official CMMC Certification Assessment.
  • CMMC Assessment to achieve certification.