CMMC Standard: What is CMMC?

Important DoD Announcement regarding CMMC requirements: On November 30, 2020, the Department of Defense (DoD) issued a final interim rule to strengthen cybersecurity throughout the Defense Industrial Base (DIB). The new rule applies to contracts that incorporate DFARS 252.204-7012, which requires contractors and subcontractors that have access to covered defense information to comply with the NIST Requirements. Under the new rule, these companies need to conduct a self-assessment of their compliance with NIST SP 800-171 requirements and submit the results of that assessment to DoD through the Supplier Performance Risk System (“SPRS”).  The DoD is rolling out CMMC requirements over the next few years.  Core Business Solutions can assist you with a guided self-assessment, SSP, and POAM which are required to enter your information into the SPRS.

The CMMC (Cybersecurity Maturity Model Certification) v1.0 framework was released January 31, 2020.  It is a unified cybersecurity standard for future DoD acquisitions. It was created in an effort to focus on the security and resiliency of the DIB sector according to the OUSD(A&S) and the DoD. Starting in 2021, the DoD is requiring certain contractors to obtain the required level of CMMC certification before they can compete for defense contracts. However, this rollout will occur over several years to encompass all contracts and suppliers. Therefore, the Interim Rule, mentioned above, was put in place.

The CMMC Model measures security at 5 different levels, starting at Level 1 with Basic Cyber Hygiene and going up to Level 5 with Advanced/Progressive Cybersecurity.

The CMMC model has 17 domains and each domain has a set of processes and capabilities that apply throughout the 5 maturity levels.

Source: CMMC Model v1.0 Approved for Public Release

CMMC Practice Progression

The majority of small businesses doing business with the DoD that handle CUI (Controlled Unclassified Information) will be required to be certified to Level 3. Level 3 encompasses all of the NIST SP 800-171 standard plus another 20 practices to meet the “Good Cyber Hygiene” level.

Source: CMMC Model v1.0 Approved for Public Release


Consulting Support for CMMC Compliance

Core Business Solutions offers a modular approach to achieve certification. We break the requirements down into organizational and technical. We provide training for your organization’s IT Team or MSP (if you outsource your IT needs) and training for employees and management, so that you implement a sustainable cybersecurity system that meets CMMC requirements at the level you need.

We assist you with a guided self-assessment and with planning, with consulting assistance available remote/online or onsite. We help you develop your System Security Plan (SSP) and Plan of Action and Milestones (POAM) with a Roadmap and a budget for implementation and remediation to work toward certification. We help you through your third-party audit to successful certification. The CORE Security Suite is included to assist you in implementation and maintenance of your certification.

Core Business Solutions has qualified cybersecurity consultants ready to help you achieve compliance. Support for the standards is available through our Online and Onsite Consulting Programs. We also provide consulting support for companies seeking multiple standards (such as ISO 9001 and ISO 27001) through an Integrated Management System.

Our consultants translate the technical language of the standard into Plain English and make it as simple and effective for your organization as possible.

For more information about compliance, please call our consulting office at 866-354-0300, or email

Related standards

• See ISO 27001 for information security management systems

For more information on Cybersecurity please visit our articles page.
