CMMC Services

CMMC Compliance Services

The Cybersecurity Maturity Model Certification (CMMC) is a certification procedure developed by the Department of Defense (DoD) to certify that contractors working with the DoD have the controls in place to protect sensitive data. CMMC replaces the previous self-attestation model and moves to certification via CMMC Third Party Assessment Organizations (C3PAOs). The CMMC Model is based on the best-practices of different cybersecurity standards, including NIST SP 800-171, NIST SP 800-53, ISO 27001, ISO 27032, AIA NAS9933, and others into one cohesive standard for cybersecurity.

The CMMC Model has five defined levels, each with a set of supporting practices and processes. Practices range from Level 1 (basic cyber hygiene) to Level 5 (advanced/progressive). To meet a specific CMMC level, an organization must meet the practices and processes within that level and all levels below. The DoD will specify the required CMMC level an organization must possess when releasing Requests for Information (RFIs) and Requests for Proposals (RFPs).

CMMC Levels

How Can Compass IT Compliance Help?

Although the official CMMC assessment program has yet to begin, Compass IT Compliance can assist organizations in assessing their current level of compliance with the Cybersecurity Maturity Model Certification v1.02. Our assessments will provide invaluable insights into control weakness and gaps, providing your organization with detailed remediation recommendations to mitigate the risk of a failed CMMC assessment in the near future!


CMMC Blog Posts

Contact Us

Compass IT Compliance Services

  • CMMC Readiness Risk Assessment - Assess your current level of compliance with the Cybersecurity Maturity Model Certification v1.02, identify gaps in controls, and identify key work areas that your organization must address to prepare for the upcoming release of the CMMC
  • CMMC Readiness Audit - Examine your controls mapped against the Cybersecurity Maturity Model Certification v1.02 requirements, obtain evidence to determine if the controls are operating effectively to achieve your organization's objectives and satisfy CMMC requirements, and provide remediation strategies. A deeper dive assessment compared to the CMMC Readiness Risk Assessment, the CMMC Readiness Audit will include evidence sampling

Let Compass IT Compliance assist your organization in assessing any risks present through our CMMC services so you can secure your private data environment, comply with regulatory requirements, and save time, money, and resources in the process. Contact Us today to discuss your unique situation. Secure. Comply. Save.