Cybersecurity Maturity Model Certification

CMMC 2.0 is the next iteration of the Department’s CMMC cybersecurity model. It streamlines requirements to three levels of cybersecurity and aligns the requirements at each level with well-known and widely accepted NIST cybersecurity standards.

The Department’s model will significantly improve its supply chain security posture and acquisition confidence.

Where are you in your CMMC journey?

I need to become CMMC assessment-ready

CMMC requirements are exacting. Coalfire and Coalfire Federal can help you effectively prepare to become CMMC-Ready. Leveraging our C3PAO expertise, we know how to prepare for the CMMC Certification Assessment and can guide you through the process.

  • CMMC CUI Boundary Analysis to assist in the determination of in-scope organizational and system environments.
  • CMMC Gap Analysis to evaluate your organization’s current readiness state against CMMC practices.
  • CMMC Remediation Support to close identified cybersecurity gaps and achieve Certification-ready status.

I am ready for my CMMC assessment

Among the first group of authorized C3PAO companies and the first to have CMMC Provisional Assessors on staff, the Coalfire and Coalfire Federal teams are uniquely qualified with the CMMC expertise to accurately assess your environment, security practices, and maturity level against the CMMC framework. The Coalfire teams offer the following CMMC assessment services:

  • CMMC Mock Assessment is our unofficial, comprehensive assessment that mirrors the Certification Assessment. It is designed to help you predetermine the likely outcome and your team’s readiness during an official CMMC Certification Assessment.
  • CMMC Assessment to achieve certification.

Why choose Coalfire for CMMC services?

US Department of Defense (DoD) contractors are currently required to implement 110 NIST SP 800-171 practices to protect Controlled Unclassified Information (CUI) under current DFARS 252.204-7012 contract obligations. The Cybersecurity Maturity Model Certification (CMMC), a three (3) level cybersecurity standards program, will also require organizations handling CUI to meet those same 110 practices and pass a third-party assessment at Level 2. The Department of Defense projects CMMC Interim Rule contracts will be in place in 2023.

With deadlines approaching, securing a trusted CMMC partner is essential. Coalfire and Coalfire Federal have 20 years of experience providing advanced cyber support to highly regulated organizations in the Defense Industrial Base. As one of only a handful of C3PAOs (CMMC Third-Party Assessment Organizations), we are uniquely qualified to guide you in your CMMC compliance journey.

Connect with us today and learn how Coalfire and Coalfire Federal can help you reach your compliance goals with verifiable, accurate results.

Frequently asked questions

What is Cybersecurity Maturity Model Certification or CMMC?

CMMC is a cybersecurity framework created by the US DoD that establishes a minimum threshold level of cybersecurity that organizations entrusted with sensitive defense information must meet or exceed. CMMC was created to curtail the theft of controlled unclassified information (CUI) by adversaries of the United States.

What are the 3 levels of CMMC?

These levels are based on the sensitivity of DoD information received or handled:

  • CMMC level 1: Foundational – Applies to companies that only receive Federal Contract Information (FCI). These 17 controls define requirements for basic cyber hygiene.
  • CMMC level 2: Advanced – Aligns with the 14 control families and 110 security controls within National Institute of Standards and Technology (NIST) Special Publication 800-171 Revision 2 to protect controlled unclassified information (CUI).
  • CMMC level 3: Expert – This is intended for companies that collaborate with CUI on the DoD’s highest-priority programs. It is focused on reducing the risk from Advanced Persistent Threats (APTs).

How does Coalfire help me prepare for CMMC?

We offer a full suite of advisory and remediation services, including CUI boundary workshops, gap analyses, and strategy and planning. Plus, Coalfire is one of the first authorized CMMC Third-Party Assessment Organizations (C3PAOs) and a Registered Provider Organization (RPO).

What’s the difference between CMMC Certification Ready and CMMC Certified?

Coalfire can either provide services that help you prepare for a CMMC certification assessment or perform the CMMC certification assessment, but we can’t do both for the same company. Coalfire’s suite of CMMC Certification Ready services is designed to help you prepare for CMMC Certification in a timely, cost-efficient manner. CMMC Certification services include conducting mock assessments and performing CMMC certification assessments.

Can Coalfire provide both advisory services and assessment services for CMMC?

While Coalfire provides services to OSCs looking for CMMC Certification Readiness as well as OSCs seeking CMMC Certification, Coalfire cannot assess an organization for whom we have provided CMMC advisory services within the past two years.

What CMMC level do I need to certify to?

Your maturity level is determined based on the nature of the DoD contracts and work that you would like to pursue. Generally, an organization that only handles FCI (Federal Contract Information) must certify at level 1. Any organization that handles Controlled Unclassified Information (CUI) must certify to level 2.

What other changes happened with CMMC 2.0?

CMMC 2.0 simplified both compliance requirements and the assessment process, aligning CMMC Level 2 with NIST SP 800-171 R2. The rule to enact CMMC 2.0 is currently in process and expected to be published as an Interim Rule in 2023. It will go into effect 60 days after its publication.