DOD CMMC Compliance

Cybersecurity Maturity Model Certification

Automated CMMC help


The CMMC is a recent addition that theoretically went into effect November 30th 2020 as a new compliance frameworks for DoD suppliers. 
The CMMC is scaled into five tiers, with each tier building and stacking upon the prior. You can not advance to a higher tier without completing it’s foundation tier.
As of the start of 2021, there are only a handful of accredited CMMC Third Party Assessment Organizations (C3PAO) that can finish the final accreditation check for companies that require that final check.  This has limited adoption availability for the hundreds of thousands of companies this certification affects.
The CMMC is considered simpler to achieve than NIST 800-171 for smaller contributors who are only participating is the lower tiers of the structure.  In it’s entirety, the DoD CMMC is a SUPERSET of NIST 800-171.

If your organization is small, and new to certification, the CMMC will be helpful.  If the organization you are looking for is large, you will want to look into maintaining your existing NIST 800-171, and consider the CMMC as simple as adopting some add-ons. 

Large organizations, if you don’t have the NIST 800-171 yet, focus on that.  Everything will also apply to the CMMC, so you won’t be losing any, or duplicating any effort.  Also larger organizations will be able to benefit from the availability of companies and consultants already familiar with NIST 800-171.

Varpath can help guide you through this process as well as help provide you with a current assessment of where you stand today.  Plus once you get certified, we can help you ensure your certification stays in good standing, for up to three years!  Deviations will be tracked so there are no surprises for you.  Contact us today for help!