Cyber Force One (CFONE)
CMMC Advising & Preparation

What is CMMC?

Cybersecurity Maturity Model Certification (CMMC) 2.0 is a U.S. Department of Defense (DoD) program that applies one standard to DoD contractors and subcontractors that handle federal contract information (FCI) or controlled unclassified information (CUI) while performing DoD contracts. Its purpose is to verify, rather than merely require, that appropriate cybersecurity practices and processes are in place to safeguard that information. DoD solicitations will specify the CMMC level (1, 2 or 3) appropriate to the sensitivity of the information involved, and the required CMMC status is a condition of contract award. Level 1 covers the 15 basic safeguarding requirements of FAR 52.204-21 (FCI only) and requires an annual self-assessment with an annual affirmation. Level 2 covers the 110 security requirements of NIST SP 800-171; some Level 2 contracts allow an annual self-assessment, but most CUI-handling work will require a certification assessment every three years by a CMMC Third-Party Assessment Organization (C3PAO), with an annual affirmation of continued compliance in between. Level 3 adds 24 selected requirements from NIST SP 800-172 on top of Level 2 and requires a triennial assessment by the government (the Defense Industrial Base Cybersecurity Assessment Center, DIBCAC). The requirements are being phased into contracts over four phases spanning three years; the rollout is expected to begin in Q3 2025.

How can CFONE help my company prepare for CMMC?

CFONE’s team has decades of experience in cybersecurity compliance and will guide your company through the steps needed to prepare for CMMC as simply, quickly and painlessly as possible:
  • Understand your company: We will work closely with you to ensure your high-level understanding of the CMMC requirements, determine your specific certification needs, and understand the size and complexity of your IT environment. From there, we will develop a plan for CMMC preparation tailored to your company’s cybersecurity posture and goals.
  • Assess and prepare:
    • Our consultants will conduct a gap analysis to assess the current posture of your cybersecurity program, mapping your existing controls to the requirements for the level you intend to attain: the 15 FAR 52.204-21 safeguarding requirements for Level 1, the 110 NIST SP 800-171 requirements for Level 2, and the additional NIST SP 800-172 requirements for Level 3. A key part of this step is defining the assessment scope, since which systems store, process or transmit FCI and CUI determines which assets must meet the requirements.
    • We will update your System Security Plan (SSP) in accordance with the required CMMC controls and NIST SP 800-171 and create and update a Plan of Action & Milestones (POA&M) based on any deficiencies or issues revealed during the program assessment.
    • Our team will provide guidance and assistance to remediate the deficiencies recorded in the POA&M and close those gaps, sharing implementation best practices and ensuring the necessary policies, processes and plans are in place. Note that a POA&M is not a substitute for implementation: Level 1 permits no open POA&M items at assessment time, and at Level 2 a conditional result requires at least 88 of the 110 requirements to be met, bars the highest-weighted requirements from being deferred, and requires the remaining items to be closed and verified within 180 days.
    • We will also take the lead in ensuring your cybersecurity program is appropriately documented, collecting the evidence and artifacts (policies, procedures, configurations, screenshots, logs and records of recurring activities) that demonstrate the practices and processes are in place to meet or exceed CMMC requirements. From an assessor’s perspective, a requirement that is implemented but not documented and evidenced cannot be scored as met.

Our compliance experts provide a roadmap to help your company affordably become CMMC compliant, preparing you and ensuring your cybersecurity practices are in place and documented in accordance with the framework. Cybersecurity compliance requirements can seem overwhelming or complicated when they are not your area of expertise, but you do not have to navigate them alone. We’re here to help; contact us today.