Cybersecurity Maturity Model Certification


The Department of Defense (DoD) has released the Cybersecurity Maturity Model Certification (CMMC) Version 1.0, a new framework designed to assess and enhance the cybersecurity posture of the Defense Industrial Base (DIB) and its suppliers. CMMC is an evolution of DFARS 252.204-7012 (NIST SP 800-171) and now requires third-party attestation.

Although CMMC Version 1.0 was recently released, all organizations that provide services to the DoD will eventually need to be CMMC certified to bid on future DoD solicitations.

Maturity level overview

The CMMC outlines five compliance maturity levels that range from Basic Cybersecurity Hygiene (Level 1) to Advanced Cybersecurity Practices (Level 5). Each of the five levels outlines practices and processes that, when properly implemented, reduce the risk of hostile agents breaching a company’s cybersecurity defenses. Based on CMMC Version 1.0 released in January 2020, the maturity levels are:

Maturity level certification considerations

Every organization that plans to renew a current contract or bid on a new contract in the future will need to be certified at one of the five maturity levels outlined above. The DoD will determine which maturity level is required to bid on each solicitation; therefore, organizations will need to determine which maturity level is needed based on the nature of the contracts and work they would like to pursue.

The maturity level for each organization will need to be validated by a CMMC Third-Party Assessment Organization (C3PAO) that will be authorized and trained to perform the work by the CMMC Accreditation Body (CMMC-AB). Organizations will only be able to bid on contracts with a required maturity level equal to or less than their certified maturity level.


How to prepare for CMMC

  • Get started now! It can take time, resources, and investment to fully understand and implement good cybersecurity practices.
  • Do some research. Read through standards like CMMC 1.0, NIST 800-171, and the DoD CC SRG and think about how they may apply to the work your organization does or may seek to do with the DoD.
  • Stay informed. Monitor the official DoD and CMMC AB websites for new developments.
  • Provide feedback. The CMMC accreditation board is looking for feedback from the industry through FAQs and working groups.
  • Get professional help. Third-party assessment organizations like Coalfire can offer both advisory and assessment expertise that will help your organization prepare for CMMC.


Coalfire’s full spectrum of CMMC services

Advisory: Are you unsure whether CMMC applies to your organization? Do you know whether your organization exchanges CUI, CDI, or FCI, and if so, which information systems are involved? Have you received a compliance request from the DoD or your prime contract holder? Have you completed and submitted a NIST 800-171 Basic Assessment and now need to bring your score up to 110? Are you wondering how your current NIST 800-171 or DFARS 252.204-7012 capabilities transfer to the CMMC practices and processes and whether you are maintaining the proper records and documentation? Coalfire’s team of experts, acting as an objective third party, can help you answer these questions and interpret the impact of CMMC to your environment. We can also perform a gap analysis on your environment/organization to help devise a roadmap to your desired CMMC maturity level.

Remediation: We offer a suite of remediation services dedicated to helping you meet or exceed your desired CMMC maturity level. These services include developing security documents, resolving threat and vulnerability assessment findings, cloud engineering, and implementing technology.

Assessment: Coalfire Federal was among the first C3PAOs authorized to perform CMMC Assessments by the CMMC-AB. From readiness reviews and planning through the assessment and certification process, Coalfire Federal is here to support Organizations Seeking Certification.

Why choose Coalfire?

For nearly 20 years, Coalfire has provided commercial and public sector organizations, including the DoD, with industry-leading cybersecurity and compliance advisory services. As one of the industry’s largest and most experienced risk management and compliance assessment organizations, Coalfire can provide the expertise and support to guide you successfully through the CMMC certification process.
