CMMC compliance

The Cybersecurity Maturity Model Certification (CMMC) is being developed by the Office of the Under Secretary of Defense for Acquisition & Sustainment for use by Department of Defense contractors.

As stated on their website, “The Department of Defense is planning to migrate to the new CMMC framework in order to assess and enhance the cybersecurity posture of the Defense Industrial Base (DIB). The CMMC is intended to serve as a verification mechanism to ensure appropriate levels of cybersecurity practices and processes are in place to ensure basic cyber hygiene as well as protect controlled unclassified information (CUI) that resides on the Department’s industry partners’ networks.”

What are CMMC objectives?

What does CMMC mean to DoD contractors and subcontractors?

If you do business with the DoD, you want to get ready for a CMMC audit now. Per the Office of the Under Secretary of Defense for Acquisition & Sustainment, “All companies conducting business with the DoD must be certified. The level of certification required will depend upon the amount of CUI a company handles or processes.” Contact us if you have questions about what level of compliance is necessary for you.

Level 3: Expert (“Special CUI”)

  • ≤ 206 Controls: 110 CUI + 61 NFO Controls from NIST SP 800-171 & ≤ 35 controls from NIST SP 800-172
  • High Priority Acquisitions: DoD-staffed (DIBCAC) assessment every 3 years

Level 2: Advanced (“Regular CUI”)

  • 171 Controls: 110 CUI + 61 NFO Controls from NIST SP 800-171
  • Prioritized Acquisitions: CMMC-AB approved C3PAO assessment every 3 years
  • Non-Prioritized Acquisitions: Annual self-assessment (OSC conducted)

Level 1: Foundational (“FCI”)

  • 17 Controls: Based on 15 basic cybersecurity controls from FAR 52.204-21
  • Annual Self-Assessment

CyberCompass helps DoD contractors and subcontractors understand their CMMC maturity level and become audit-ready. It is affordable, and its built-in expertise does most of the heavy lifting, along with the analysis and compliance documentation, to streamline CMMC compliance. When you need to get certified, it can go quickly and smoothly.

Our automation can save your firm over 400 hours in twelve months on becoming and staying compliant.

  • Answer one set of simple yes/no questions that meets CMMC regulations
  • CyberCompass saves your survey progress, allowing you to start and stop as needed
  • Prioritized risk report lets you decide where to focus time and resources for corrective actions
  • Built-in step-by-step guide teaching you how to fix vulnerabilities
  • CyberCompass’ encrypted vault saves your “body of evidence” in one place
  • Manage your third-party/vendor relationships and track their compliance. Use our pre-built agreement templates to make record keeping easier.
  • Monitor your compliance for 12 months with dashboards and reporting.
  • Utilize our built-in employee cyber awareness training, which is required by CMMC. CyberCompass allows you to schedule and track employee competency.

Still have some questions? Take a look at our FAQs here.
