CMMC - SOC 2, ISO 27001, HIPAA, NIST, Data Privacy, CMMC, PCI, GDPR

CMMC Assessment

All vendors who aspire to work within the supply chain of the U.S. Department of Defense (DoD) are required to comply with the Cybersecurity Maturity Model Certification (CMMC). Different levels of CMMC are required, each defined by the cybersecurity practices and processes that organizations are expected to follow as a matter of protocol before bidding on a contract. Certified assessors and cybersecurity experts at databrackets can support your organization in undergoing the assessment and defining steps to bridge the gaps.

Why does CMMC Certification Matter?

The Cybersecurity Maturity Model Certification (CMMC) is designed to help businesses protect sensitive data from intellectual property theft. With cybersecurity being a key priority for the U.S. Department of Defense (DoD), CMMC Certification is a mandatory requirement starting in 2024 for all vendors who aspire to bid on contracts and work within the supply chain of the DoD. The various levels of the CMMC assure the DoD that the processes and practices followed by the vendor ensure the safety of Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) and the flow of that information.

Levels of CMMC Certification

Level 1: Foundational

Organizations complying with Level 1 of CMMC Version 2 are required to follow 17 basic cybersecurity practices, which can be self-assessed annually. They are required to submit the assessment report along with a written confirmation by the company leadership. Contracts that require a Level 1 certification consist of Federal Contract Information (FCI), which is not critical to national security.

Level 2: Advanced

Organizations complying with Level 2 of CMMC Version 2 are required to follow 110 cybersecurity practices, which align with NIST SP 800-171. There are 2 types of assessments for Level 2, based on the type of contract. Contracts classified as non-prioritized acquisitions with Controlled Unclassified Information (CUI) require an annual self-assessment along with a written confirmation by the company leadership. Contracts classified as prioritized acquisitions with Controlled Unclassified Information (CUI) require a third-party triennial assessment.

Level 3: Expert

Organizations complying with Level 3 of CMMC Version 2 are required to follow 110+ cybersecurity practices based on NIST SP 800-172. The assessment for this level is triennial and only conducted by the Department of Defense.

Our deliverables include but are not limited to
