DOD contractors looking to achieve compliance with qualified service providers. CMMC stands for Cybersecurity Maturity Model Certification.

Becoming a CMMC Auditor? CMMC with quality assessment SecureDAM tool. Self-assess and auditor program, from SecureDAM™ and their trusted partners for Defense Federal Acquisition Regulation Supplement DFARS compliance.

DFARS vs FAR and Other Acronyms for Government Contractors. … It is the class of information that triggers compliance with Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012. CUI is controlled unclassified information

CMMC Audit Readiness in 3 Simple Steps

1. Assessment/SSP/POAM

We perform a detailed assessment of your current network and compare this with the cyber security controls required in NIST SP 800-171. We then prepare an SSP and POAM so that you can provide documented evidence to the DoD or your Prime that you’re on your way towards compliance. This step then serves as the basis for creation of the remediation plan.

2. Remediation

In this step the items called out in the POAM need to be addressed. Depending on the current state of your IT systems, this can be as simple as implementing multi-factor authentication and security awareness training or as complex as refreshing an entire aging infrastructure.

3. Compliance Monitoring & Maintenance

Ongoing advanced cybersecurity monitoring and incident response capabilities are required to remain compliant. If a cyber incident occurs you must notify the DoD through the DIBNet Portal ( within 72 hours. You must also constantly assess and maintain the NIST 800-171 controls over time as systems change and fall out of alignment.