top of page
Each level of the Cybersecurity Maturity Model consists of practices and processes that you must follow in order to be certified.
Who must be certified with the CMMC?
All main contractors, subcontractors, and organizations that sell or supply services to the Department of Defense (DoD) must be certified with the CMMC.
How to start the DoD certification process?
Companies seeking to be certified by the CMMC must first identify what level of maturity they wish to achieve in order to be audited. Then they have to search for available C3PAO to schedule a date.
Certified Team Member
.png)
Miguel Vega
MBA, MCP, RP IT
Consultant; IT Governance and Compliance System Specialist & CMMC-AB Registered Practitioner
Visit Marketplace »
-
Do other federal contracts (outside of the DoD) use CMMC?The initial implementation will only be for the United States Department of Defense (DoD) and will be implemented through clause 252.204-7021.
-
Why was the CMMC created?The United States Department of Defense (DoD) is migrating to a new structure to assess and improve the postulated cybersecurity of the DIB sector.
-
Who are the C3PAO organization?The C3PAO is an organization accredited and authorized by the CMMC-AB focused on evaluating and advising companies.
-
Who will conduct the CMMC assessments?Only authorized and accredited C3PAOs that are registered on the CMMC-AB Marketplace page can advise on the CMMC.
-
Can I certify my organization?No, you cannot certify yourself with the CMMC. If it is recommended that you verify your level of maturity before scheduling an official appointment. You can create a free account and complete the Project Spectrum questions to find out the status of your organization.
-
What is the cost of the CMMC certification?The cost of a CMMC certification depends on several factors that change depending on the level the organization wants to achieve.
-
How often do I have to renew the certification?A CMMC certification is valid for approximately three (3) years.
bottom of page