Coalfire Federal CMMC Advisory Services

Solution Sheet

Your Trusted CMMC Partner

As one of the first Certified Third-Party Assessor Organizations (C3PAOs) and as a defense contractor also subject to CMMC regulations, Coalfire Federal is uniquely qualified to help you effectively plan, prepare for, and earn you CMMC Certification. 

Coalfire Federal:

  • is one of the first C3PAOs, with first-hand experience of the assessment process.
  • has been conducting CMMC analysis since 2020.
  • understands cloud services and their role in CMMC.
  • delivers accurate, verifiable results that are on-time and within budget.


The Cybersecurity Maturity Model Certification (CMMC) preparation process can seem
daunting unless you have an experienced, trusted partner that can support your team and
help you become certification-ready. Coalfire Federal has been providing CMMC Advisory
Services since early 2020 and has a staff of trained, proficient CMMC experts to help you
effectively and accurately prepare for your certification.

CMMC Requirements

Organizations that contract business with the US Department of Defense (DoD) are currently required to
implement NIST SP 800-171 best practices. The CMMC, a three-level cybersecurity standards program, will mandate organizations handling CUI to meet the 110 NIST best practices, while also requiring contractors to pass a third-party assessment at Level 2. The DoD projects additional CMMC Interim Rule contracts will be in place by May 2023.

How Coalfire Federal Can Help

Coalfire Federal was among the first group of companies to be selected as a CMMC Registered Provider Organization (RPO) and CMMC Third-Party Assessment Organization (C3PAO). Regardless of where you are in your compliance journey, our CMMC advisory and assessment services can help you effectively prepare for your CMMC Certification.

“We can give you guidelines, we can give you ‘this is what it might look like, this is what we think you should consider,’ but we can’t give you directions.”

Stacy Bostjanick
Office of the DoD, Chief Information Officer

CMMC 2.0 – How It’s Going to Work

The CMMC aligns the requirements at each level with well-known and widely accepted NIST cybersecurity standards. The Department’s model will significantly improve its supply chain security posture and acquisition confidence in the DIB. Where your organization falls into one of these categories will dictate what measures and practices you will need to put in place and document.

Level 1 – Foundational

Applies to companies that focus on the protection of Federal Contract Information (FCI).

Level 2 – Advanced

Applies to companies handling Controlled Unclassified Information (CUI).

Level 3 – Expert

Intended for companies that collaborate with CUI on the Department of Defense’s highest priority programs.

Toward a More Secure DoD Supply Chain

The DoD’s three-level certification model will significantly improve supply chain security posture and
acquisition confidence in the DIB. Differences reflected in the new CMMC assessment framework include:


A CMMC self-assessment is acceptable solely for those companies that are only required to protect the information systems on which FCI is processed, stored or transmitted. Organizations conducting self-attestations for CMMC Level 1 will require an annual self-assessment and an annual affirmation by a senior company official.

Security Practice Alignment:

The CMMC is intended to accommodate a majority of DIB contractors that only handle FCI by eliminating maturity process requirements for CMMC Level 1. CMMC Level 2 is designed to align with NIST SP 800-171 and its 110 security practices while eliminating all CMMC-specific and unique security practices.

Increased Vigilance:

Instead of check-the-box compliance, organizations must think more in depth about becoming secure and staying that way. Increased vigilance will likely be necessary to achieve and maintain cyber maturity.

Coalfire Federal is Ready to Help You Become Certification-Ready for CMMC

As a C3PAO and a Department of Defense contractor also subject to CMMC requirements, Coalfire Federal is uniquely qualified, and armed with first-hand experience, to help you become CMMC assessment-ready. Our services include:

CMMC CUI Boundary Analysis

To assist in the determination of in-scope organizational and system environments.

CMMC Gap Analysis

To evaluate your organization’s current state of readiness against your targeted CMMC Level.

CMMC Remediation Support

To close identified cybersecurity gaps and achieve certification- ready status.


Leverage Coalfire Federal’s industry-leading expertise to get ready for CMMC 2.0. Learn more

Copyright © 2023 Coalfire Federal. All rights reserved.