Cybersecurity Maturity Model Certification (CMMC) Consulting Services

October 14, 2021
What is Cybersecurity Maturity Model Certification (CMMC)?

The Cybersecurity Maturity Model Certification (CMMC) is a unified cybersecurity standard for Department of Defense (DoD) acquisitions aimed at securing the Defense Industrial Base (DIB) supply chain. This standard is required for all defense contractors and subcontractors wishing to do business with the DoD. The CMMC framework consists of five levels and requires an independent third-party certification by an accredited organization.

CMMC encompasses the following:

  • 43 capabilities
  • 17 capability domains
  • 5 processes across five levels to measure process maturity
  • 171 practices across five levels to measure technical capabilities

The CMMC levels are:

  • LEVEL 1 – Basic safeguarding of Federal Contract Information (FCI)
  • LEVEL 2 – Transition step to protect Controlled Unclassified Information (CUI)
  • LEVEL 3 – Protecting CUI
  • LEVEL 4-5 – Protecting CUI and reducing risk of Advanced Persistent Threats (APT)

CMMC Certification Timeline

The current schedule released by the DoD states that CMMC will be rolled out in various RFPs over a five (5) year period starting in 2021, with every DoD RFP having a CMMC requirement starting in 2025. The intent is to identify the required CMMC Level in RFP Sections ‘L’ and ‘M’ and use it as a “go/no-go decision.” Therefore, if you are a contractor along any aspect of the DIB supply chain, it is imperative that you begin to prepare now.

CMMC Services: How Cherry Bekaert Can Help

As a CMMC Certified 3rd Party Assessment Organization (C3PAO) and Registered Practitioner Organization (RPO), Cherry Bekaert is your provider of choice. Our Risk & Accounting Advisory Services (RAAS) group, made up of internal control, cybersecurity and Government Contracting consulting professionals, has decades of experience navigating the ever-changing landscapes of both the government contracting industry and the cyber threat landscape. Our RAAS professionals can help you with CMMC services by way of:

  • Certification Level Identification & Consultation
  • System Boundary Determination
  • Control Definition & Design
  • Documentation Development & Review
  • Mapping to Existing Frameworks such as: NIST 800-53/171 (FedRAMP, FISMA, DFARS 7012), ISO 27001/2, SOC 2, PCI, HITRUST and Others
  • CMMC Assessments for Certification

CMMC Readiness:

Our CMMC Readiness Assessments are designed to identify gaps and prescribe pragmatic remediation solutions to help you achieve the appropriate CMMC Level.

CMMC Certification:

Our CMMC Assessments for Certification are streamlined from Planning & Testing through Reporting & Submission to the CMMC-AB to ensure an efficient assessment from beginning to end.

For more information, please contact us today.