window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'UA-72416617-1');

Cybersecurity Maturity Model Certification (CMMC)

Navigate to:Home:Cybersecurity Maturity Model Certification (CMMC)

Cybersecurity Maturity Model Certification (CMMC)

By: Dean Dorton | May 8, 2020

Dean Dorton's expert technology professionals are now assisting businesses with the CMMC readiness assessment. Saving businesses time, and ensuring that businesses are prepared for upcoming CMMC deadlines.

Cybersecurity | Technology

In an effort to focus on security and resiliency, the Department of Defense (DoD) is working with various industries to enhance the protection of the following types of unclassified information within the supply chain:

Federal Contract Information (FCI)

Controlled Unclassified Information (CUI)

FCI is information provided by or generated for the Government under contract not intended for public release. CUI is information that requires safeguarding of dissemination controls pursuant to and consistent with laws, regulations, and government-wide policies.

DoD Approach

Contractors working with FCI or CUI will be required to be certified based on one or more of the five CMMC maturity levels. The levels are as follows:

At a minimum contractors will need to be Level 1 certified. If a contract requires a higher level of certification, the contractor is required to meet that level and all lower levels. The levels build on one another. The level requirement will be specified in Requests for Information (RFI) and Requests for Proposals (RFP) coming from the DoD later this year.

DoD Timeline

A CMMC timeline has been established with important milestones scheduled in mid to late 2020. These milestones were established prior to the COVID-19 pandemic and may be revised. For now, the guidance we have is:

Actions You Can Take Now

Until the CMMC Assessor requirements are released, it is not possible to receive a certification. However, due to the timeline contractors are likely not going to have sufficient time to be certified unless preparation begins now. Another important note is self-certification will not be allowed.

Dean Dorton’s IT Audit and Compliance team is working with DoD contractors to evaluate and remediate CMMC compliance so that these contractors are ready for the certification process. The compliance readiness assessments can and will be used to shorten the certification process needed later.

If you have any questions regarding how to prepare for CMMC requirements feel free to contact Kevin W. Cornwell at 502.566.1011 or or Amy Justice at 859.425.7793 or

Have a question? Click here to contact this representative.

Go to Top