Risk Management Framework


The Cybersecurity Maturity Model Certification (CMMC) is a regulation framework for DoD contractors. The CMMC program evolved as a more robust response to ineffective cybersecurity measures set out in the Defense Federal Acquisition Regulation Supplement (DFARS).

Framework Summary

CMMC requires that government contractors protect their Controlled Unclassified Data (CUI) by implementing the NIST 800-171 controls and having them verified by a Certified Third-Party Assessment Organization (C3PAO).

The CMMC framework is outlined by five different distinct levels. Each level has varying degrees of cybersecurity implementation requirements and processes.

Level 1 - Foundational - Annual Self-Assessment

Level 2 - Advanced - Triannual third-party assessment for 3rd Party Controls

Level 3 - Expert - Triannual government-led assessments

More about CMMC Services

Free Discovery Session

Have a quick question?
Email us: cybersecurity@mindpointgroup.com
Give us a call: (703) 636-2033 Option 2