Cybersecurity Maturity Model Certification (CMMC)

Get Certified to Win Defense Contracts

Download the Complete Guide to CMMC | 2025 Edition

New DoD Cybersecurity Regulations

CMMC Overview

The CMMC program is designed to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) shared with defense contractors and subcontractors across the defense industrial base (DIB) by enforcing the use of certain cybersecurity processes and tools.

The three levels of CMMC certification are:

Level 1: Foundational Cyber Hygiene

Contractors and subcontractors handling only FCI data (no CUI data) will require a Level 1 certification, which includes 15 practices and a self-attestation of compliance.

Level 2: Advanced Cyber Hygiene

Our team expects the award of many future DoD contracts to require Level 2 certification. Level 2 includes 110 practices aligned with the NIST SP 800-171 framework. Many contract awards at Level 2 are expected to require a formal third-party assessment by a CMMC Third-Party Assessor Organization (C3PAO). Select programs will allow for self-attestation at Level 2.

Level 3: Expert Cyber Hygiene

Contracts that include the sharing of particularly vital CUI will require Level 3 certification, “Expert Cyber Hygiene.” Level 3 builds on Level 2, consisting of 134 requirements – 110 from NIST SP 800-171 and 24 from NIST SP 800-172. We expect a small fraction of contracts to require compliance with this level.

The Department of Defense (DoD) estimates that companies will need at least six months to prepare for formal assessments and certification. Certification requirements extend beyond implementing security practices and include documenting the regular completion of certain practices over a period of months. 

Fill out the form to the right to download our guide, and contact our team to help you navigate the process and implement necessary changes. Learn more about Dewpoint’s Complete CMMC Guide & Compliance Checklist 2025 Edition.

Get Your CMMC Questions Answered

Get Expert Help for Your Compliance Journey

Preparing for CMMC Certification

Our team of Cyber AB Registered Practitioners will answer your questions about CMMC compliance. Whether your business is required to meet Levels 1, 2, or 3, our experts can assess your current cybersecurity posture and what adjustments are necessary to pass your official C3PAO assessment.

  • Certified Registered Practitioners
  • Assessment Expertise for Organizations of All Sizes
  • Remediation Capabilities

Why You Should Choose Dewpoint

Deep Cybersecurity Experience

Certified Registered Practitioners

Dewpoint’s Registered Practitioners have over 60 years of combined IT industry experience and have conducted cybersecurity assessments for organizations of all sizes, from prime contractors to small- and mid-size subcontractors.

Assessment Expertise

IT assessments are a pillar of Dewpoint’s services. Before making recommendations regarding security, infrastructure, applications, or other IT needs, we like to perform an assessment to understand your people, processes, and technology.

Remediation Capabilities

The biggest value our team provides is the ability to help you and your team implement missing controls to comply with your level of CMMC. Our team can write policies, establish an incident response plan, bring in new applications, draft Plans of Action and Milestones, and more.



Achieving CMMC compliance will ensure your company's ability to secure DoD contracts and stay ahead of your competition.

Don Cornish

Chief Information Security Officer - Dewpoint