The Cybersecurity Maturity Model Certification (CMMC) is a framework developed by the Department of Defense (DoD) to enhance and ensure the cybersecurity posture of contractors in the Defense Industrial Base (DIB). It is a major shift in cybersecurity regulations that increases cyber hygiene rigor with process and practice requirements, and audits via third-party assessors, known as CMMC Third-Party Assessment Organizations (C3PAOs).
The primary goal of the CMMC is to safeguard sensitive information, such as Federal Contract Information (FCI) and Controlled Unclassified Information (CUI), and control access to critical data, thereby reducing cyber threats and protecting the Defense Supply Chain (DSC).
The Cybersecurity Maturity Model Certification (CMMC) affects organizations and contractors in the Defense Industrial Base (DIB) that handle Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) and wish to bid on or fulfill DoD contracts.
The CMMC applies to both prime contractors and subcontractors at all tiers of the defense supply chain. It is designed to enhance and ensure the cybersecurity posture of prime contractors and subcontractors to protect sensitive information and control access to critical data. Contractors must achieve the appropriate CMMC certification level based on the nature of the information they handle and the contract requirements.
The CMMC requirements are gradually being phased into DoD contracts and will be pivotal to the way DoD suppliers qualify for future contracts. As the program matures, more and more contracts are expected to include CMMC certification as a prerequisite for participation.
Readiness / Gap Assessment
Our experts help defense contractors understand CMMC’s threat-based assessment model and implement required controls to protect sensitive systems, environments, and data.
CMMC Level II Compliance
We engage as a third-party to evaluate your organization's operations, security practices, and threat exposure to achieve CMMC certification.
CMMC Certifications (CCP / CCA)
As a Licensed Training Partner (LTP), our interactive training programs include details on core regulations and provide a progressive level of knowledge, hands-on training, and exam preparation that aligns with the exam objectives.
Licensed Publishing Partner
Designed with our Training Partners in mind, our comprehensive CMMC curricula and training materials are based on CMMC core regulations and best practices to promote an interactive learning environment.
The baseline credential and the first step towards becoming a Certified CMMC Assessor (CCA). It prepares you to participate on CMMC assessment teams.
The certification for anyone that performs CMMC Level 1 and Level 2 Assessments and wishes to become a Lead Assessor.
Educational and informational events, materials, articles, whitepapers, and other communication on CMMC concerns.
Our pre-built policy and documentation templates ensure rapid integration and adoption within your organization.
We provide continuous awareness of your security posture and the technical solutions required for continuous CMMC compliance.
Level 1
An organization must demonstrate basic cyber hygiene practices, such as ensuring employees change passwords regularly to protect Federal Contract Information (FCI). FCI is "information, not intended for public release, that is provided by or generated for the Government under a contract to develop or deliver a product or service to the Government."
Level 2
An organization must have an institutionalized management plan to implement good cyber hygiene practices to safeguard CUI, including all the NIST 800-171 r2 security requirements and processes.
Level 3
Expert. An organization must have standardized and optimized processes in place and additional enhanced practices that detect and respond to changing tactics, techniques and procedures (TTPs) of advanced persistent threats (APTs). An APT is an adversary that possesses sophisticated levels of cyber expertise and significant resources to conduct attacks from multiple vectors. Capabilities include having resources to monitor, scan, and process data forensics.
Captiva Solutions LLC
8201 Corporate Dr Ste 635
Greater Landover, MD 20785
TF: 888.850.9280
Tel: 202.770.2120
Fax: 202.770.2121
Captiva Solutions is your trusted partner for all your IT and cybersecurity concerns. Using cutting-edge technology, adaptive systems, dedicated resources, and the highest levels of skills and expertise, we offer comprehensive IT solutions at competitive rates.
COPYRIGHT © 2023 CAPTIVA SOLUTIONS