Cybersecurity Maturity
        It's Just a Process

FREE eBook  

'CMMC Made Easy' A Simple Guide to Help Small Businesses
Understand Cybersecurity Compliance

by Neil McDonnell

CMMC | Cybersecurity Maturity Model Certification

CMMC is the easy acronym for Cybersecurity Maturity Model Certification, the DOD’s verification mechanism designed to protect Controlled Unclassified Information (CUI) residing on the Defense Industrial Base (DIB) networks. CMMC encompasses multiple maturity levels ranging from “Basic Cyber Hygiene” to “Advanced / Progressive Cyber Hygiene.” Each level is designed to safeguard the federal government’s assets and information from cyber-attacks through direct or indirect DoD suppliers.

Without CMMC, you will not be able to sell to the Department of Defense (DoD).

Sign up below to get immediate access to the eBook. Watch for an email as well.

Maturity Level Processes

Each CMMC domain has nine standard Processes that detail the maturity of institutionalization for the practices.


Each CMMC practice is aligned to a Capability, which in turn are aligned to a Domain.

In total, across all five (5) CMMC levels, there are eighteen (18) Domains, eighty-five (85) Capabilities, and three hundred and seventy (370) Practices.

Summary (eBook)

Neil McDonnell wrote this eBook to help small business leadership quickly and easily understand the DoD's CMMC requirements. In CMMC Made Easy, he has created easy-to-understand and natural groupings of the official lists to make the information easier to follow.

"It's just a process."

Every business selling to the Department of Defense (DoD) or any of the services must have a Cybersecurity Maturity Model Certification (CMMC) Level 1 or higher.

All federal prime-contractors, subcontractors and suppliers will need to meet this requirement. Without the required certification, you will not be able to sell to the federal government.

DoD expects to include requirements related to CMMC in Requests for Information (RFIs) or Source Sought notices by the summer of 2020. By the Fall of 2020, DoD expects to include specific language in all Requests for Proposals (RFPs).

Where DoD goes, others will follow. We expect other agencies that do not already have something like CMMC, to adopt CMMC into their acquisition requirements. It is not unrealistic for federal contractors and suppliers to see CMMC as a requirement across any agency by 2021.


Sign up below to get immediate access to the eBook. Watch for an email as well.


50% Complete

Two Step

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.