Cybersecurity Maturity Model Certification (CMMC)

CMMC 2.0 

Cybersecurity Maturity Model Certification (CMMC) will become law in 2023. Is a requirement for all organizations within the supply chain to the United States Department of Defense (DoD). When in effect, DoD Contractors will be required to meet a specific CMMC level to submit proposals for new DoD contracts.

CMMC ensures that an organization has achieved the minimum threshold of cybersecurity necessary to be entrusted with the types of information they receive or handle.

It is similar the NIST 800-171 but is performed by a certified external company. The NIST 800-171 standard is a federally mandated requirement for non-federal businesses conducting business with the federal government. It is required if you deal with Controlled Unclassified Information (CUI) or perform services on systems that provide CUI.


image of CCMC v2 model

Click Image to Enlarge

image of CCMC v2 model

Click Image to Enlarge

CMMC Levels

CMMC will become law in 2023. You can beat the rush before the time comes. We will help you become pre-compliant now and CMMC compliant before it is required.

There are three levels of CMMC 2.0:

  • Level 1: Foundational
  • Level 2: Advanced
  • Level 3: Expert

Levels are based on the types of information businesses handle.

Total Cyber’s NIST 800-171 solution prepares businesses for self-certification and verification.

Level 1: Foundational

For companies with federal contract information (FCI) only. This information must be protected but is not critical to national security. 


Level 2: Advanced

For companies with CUI. These requirements are in alignment with NIST SP 800-171 controls.


Level 3: Expert

For companies with CUI and working on DoD's highest priority programs. These requirements are in alignment with NIST SP 800-171 and will use a subset of NIST SP 800-172 controls. 

Learn How We Can Secure Your Business