Prepare Your Business for CMMC with a Gap Assessment Today
The Cybersecurity Maturity Model Certification (CMMC) represents the latest government effort by the United States Department of Defense (DoD) to adequately secure government data. Government data being utilized and/or developed by vendors with contracts or subcontracts through the U.S. DoD requires some of the best cybersecurity available. This is why the CMMC will soon be required for businesses and manufacturers working with the U.S. DoD.

Several drafts of the CMMC were publicly released and public comment was requested. The U.S. DoD took into account public feedback and issued CMMC v1.0 on Jan. 31, 2020. While DFARS 252.204-7012 and NIST SP 800-171 are government regulations that require certain cybersecurity efforts by vendors, the requirements of DFARS 7012 and NIST 800-171 could be completed following the award of a contract and utilize a self-assessment and attestation process. The new CMMC requires that certain cybersecurity policies, procedures, and controls be implemented prior to the award of a contract as certified by an accredited, independent third-party CMMC assessor.
Frequently Asked Questions
What is the cybersecurity maturity model certification?
The Cybersecurity Maturity Model Certification (CMMC) represents the latest government effort by the United States Department of Defense (DoD) to adequately secure government data. Government data being utilized and/or developed by vendors with contracts or subcontracts through the U.S. DoD requires some of the best cybersecurity available. The CMMC program was announced on January 31, 2020.
Who needs CMMC certification?
Who should be certified to CMMC? The short answer is anyone in the defense contract supply chain. The DoD estimates the roll-out of CMMC standards will affect 300,000 companies. Most contracts will require a certification between Level 1 and Level 3 to qualify for government contracts.
What is CMMC compliance?
The Cybersecurity Maturity Model Certification (CMMC) is the Department of Defense's (DoD) newest verification mechanism designed to ensure that cybersecurity controls and processes adequately protect Controlled Unclassified Information (CUI) that resides on Defense Industrial Base (DIB) systems and networks.
CMMC compliance is based on a certain hygiene level (1-5) for your environment.
Compliance is no longer a self-attestation; it is now a certification process.
What are the CMMC levels?
CMMC maps cybersecurity best practices and processes to five maturity levels, from basic cyber hygiene at Level 1 to the most secure cyber hygiene at Level 5.
How do I become CMMC compliant?
The process to become CMMC compliant starts with Dox.
We will come out and perform a pre-assessment of your environment to provide you a gap analysis of CMMC at the specific level you are trying to achieve.
The pre-assessment is Step 1, which determines what work needs to be done first. In Step 2, you will need to perform remediations. In Step 3, you will go for an actual certified assessment, where you will be assessed by a Certified Auditor against a certain CMMC Level (1-5).
CMMC Processes
Processes are also broken into five levels. These also represent maturity level capabilities per domain.
- Level 1: 0
- Level 2: 34 processes
- Level 3: 17 processes (plus L2 processes)
- Level 4: 17 processes (plus L2-L3 processes)
- Level 5: 17 processes (plus L2-L4 processes)
How Can Dox Help?
Dox, a certified Exostar partner, will be seeking accreditation as a third-party CMMC assessor as soon as the CMMC training and licensing process is developed by the CMMC Accreditation Body (CMMC-AB) and becomes available. This will allow Dox to offer our white-glove service to all businesses, regardless of their size, wishing to achieve Cybersecurity Maturity Model Certification. This will enable your organization to move ahead with the DoD bid process without barriers.
In the meantime, Dox continues to offer gap assessments for compliance with NIST SP 800-171 and DFARS, which include the requirements of most current DoD contracts. This type of assessment will also provide insight into your preparedness for CMMC as most of the practices required for CMMC at levels 1, 2, and 3 come from NIST SP 800-171. In fact, every one of the 110 requirements in NIST SP 800-171 appears as a practice within CMMC levels 1, 2, and 3. If you are already compliant with NIST SP 800-171, you have a solid start on achieving CMMC compliance up to level 3.
Non-Compliant Businesses Are Losing Money. Don’t Be One of Them.
Now is the time to begin the process of moving toward Cybersecurity Maturity Model Certification. According to the Office of the Under Secretary of Defense (OUSD), unless a higher level is specified, all contractors and sub-contractors must meet a minimum of CMMC level 1 requirements. In addition, the OUSD said industry should begin to see the CMMC requirements as part of the Requests for Information (RFI) by June 2020. Manufacturers and vendors that are not certified will face losing future DoD contracts as a result. Uncertified businesses will likely see large financial losses as a direct result of failure to achieve certification.
Those businesses that fail to meet the CMMC requirements will experience:
- Loss of new DoD contracts
- Loss of business reputation
- Loss of revenue from DoD contracts
Don’t wait until the last minute to become prepared for CMMC. If you are slower to achieve certification than your competitors, that puts your business at a distinct disadvantage. With proper certification, you can outbid your competition.
Schedule your CMMC gap assessment meeting now by calling (585) 473-7766. Contact us and we will reach out to you as soon as possible to schedule your free initial consultation.