CMMC & DFARS Compliance Is Not Easy

The Truth About CMMC

Despite all of this, CMMC can be solved in a manageable and holistic manner. 
Your organization has likely solved some, but not all, of CMMC requirements. 

We will help you identify, remediate, and maintain your gaps. 

What You Are Likely Seeing

A barrage of companies claim to have a solution. Many go as far to claim “CMMC is easy!”
you’re left trying to cut through the noise. Which companies have the right solutions for CMMC compliance?
Where are the 
appropriate places to make necessary investments?

What is CMMC?

To get a bit technical, the Cybersecurity Maturity Model Certification (CMMC) is a regulatory requirement that was introduced in November 2020. CMMC is prescribed in the Defense Federal Acquisition Regulation Supplement 252.204-7021 clause, interim rule. While still being ironed out, once codified through lawmaking, CMMC will become a contract requirement.  

How Does This Affect You? 

Defense contractors with the DFARS 252.204-7012 clause are required to comply with NIST Special Publication (SP) 800-171. Organizations with Federal Contract Information (FCI) are also required to comply with the basic safeguarding requirements within NIST 800-171 per the FAR 52.204-21 regulatory requirement.  

Per the DoD, “the relationship between CMMC and NIST standards is that CMMC requirements will result in a contractor self-assessment, or a third-party assessment, to determine whether the applicable NIST standard (as identified by the DFARS clause) has been met.” 


We Are Here to Help