The Cybersecurity Maturity Model Certification (CMMC) is a framework DoD-developed and mandated framework to measure the cybersecurity “maturity level” of defense contractors that form the Defense Industrial Base (DIB) and supply chain.

CMMC is designed to improve the security posture and maturity levels of the DIB supply chain to further enable and protect DoD’s mission. The new program will required third party assessments and certifications to verify that DIB companies are aligned with the appropriate CMMC maturity level and are consistently practicing cyber hygiene practices while protecting Controlled Unclassified Information (CUI).

Why Does My Business Need to Become CMMC Certified?

Complying with the new CMMC framework and obtain Certification will be required by the DoD beginning in 2022. Any defense contractor intending to pursue and/or support DoD programs will be required to obtain the appropriate CMMC Certification Level prior to receiving an award beginning in 2022.

What Are the New CMMC Requirements?

The CMMC framework is designed to protect the Defense Supply Chain and DoD mission. . The new guidelines consist of a series of five maturity levels ranging from basic cyber hygiene to protecting classified information.

handshake icon

Level 1:

This base certification level outlines a set of practices pertaining to minimum data safeguarding requirements to prevent a breach of Federal Contract Information. Most defense department contracts will require meeting this standard. 

Learn More

consultant icon

Level 2:

This standard establishes a base cybersecurity level for contracts containing Controlled Unclassified Information (CUI). It features a more advanced set of security procedures that serve as a transition when preparing for Level 3. Companies must comply with an additional 55 practices over Level 1. 


Level 3:

The primary focus of this level is safeguarding CUI. It requires organizations to create, maintain and resource a plan that illustrates the management of activities for CMMC implementation. The expectation is that this will become the most frequently mandated level for DoD contracts.

Learn More

medal icon

Level 4:

Compliance with this level requires protecting CUI from Advanced Persistent Threats (APTs). The required cybersecurity practices are more complex and time-consuming to implement and maintain. Organizations must review and measure their methods to demonstrate their effectiveness and institute additional best practices. 

Learn More

handshake icon

Level 5:

Companies required to meet this standard must demonstrate the standardization and optimization of cybersecurity practices across the organization. These extra steps will increase the depth and sophistication of their cybersecurity capabilities. 

Learn More

Coalfire Federal can support your CMMC journey and help you achieve CMMC Certification

Coalfire Federal offers various CMMC advisory services that can help you become CMMC Certification Ready. As one of the first C3PAO Candidate companies, we have a thorough understanding of the CMMC framework and what it takes to achieve CMMC Certification.

Our CMMC Gap Analysis is purpose built upon proven methodologies that will quickly help you identify areas that need attention to achieve Certification Ready status.

Coalfire Federal understands what it will take to pass your CMMC Certification Assessment – our CMMC remediation services will align your organization on the right path to become Certification Ready.

Contact the Coalfire Federal CMMC team today to discuss your CMMC plans and explore how we can support your CMMC journey. (Add Contact Us Button and link to contact form)

Protect the Mission With Coalfire Federal

Get Started Today