Cybersecurity Maturity
        It's Just a Process

  • What is CMMC and why is it so critical?
  • How will local PTACs help?
  • How can CEOs lead the way?
  • What is required for Level 1 compliance?

Use this Department of Defense template to determine your compliance with NIST SP 800-171 requirements.

Download Assessment Scoring Template



  • Why is DoD pushing CMMC out to industry?
  • What is CMMC exactly and what are the multiple levels?
  • What role will PTACs play in supporting industry?
  • Learn about one CEO's commitment to CMMC compliance
  • First Things First – Achieve CMMC Level 1 with ease

CMMC | Cybersecurity Maturity Model Certification

CMMC is the easy acronym for Cybersecurity Maturity Model Certification, the DOD’s verification mechanism designed to protect Controlled Unclassified Information (CUI) residing on the Defense Industrial Base (DIB) networks. CMMC encompasses multiple maturity levels ranging from “Basic Cyber Hygiene” to “Advanced / Progressive Cyber Hygiene.” Each level is designed to safeguard the federal government’s assets and information from cyber-attacks through direct or indirect DoD suppliers.

Without CMMC, you will not be able to sell to the Department of Defense (DoD).

Sign up below to get immediate access to the eBook v1. We are working on an updated v2 due out April 2020.

Maturity Level Processes

Each CMMC domain has nine standard Processes that detail the maturity of institutionalization for the practices.


Each CMMC practice is aligned to a Capability, which in turn are aligned to a Domain.

In total, across all five (5) CMMC levels, there are eighteen (18) Domains, eighty-five (85) Capabilities, and three hundred and seventy (370) Practices.

Summary (eBook)

Neil McDonnell wrote this eBook to help small business leadership quickly and easily understand the DoD's CMMC requirements. In CMMC Made Easy, he has created easy-to-understand and natural groupings of the official lists to make the information easier to follow.

"It's just a process."

Every business selling to the Department of Defense (DoD) or any of the services must have a Cybersecurity Maturity Model Certification (CMMC) Level 1 or higher.

All federal prime-contractors, subcontractors and suppliers will need to meet this requirement. Without the required certification, you will not be able to sell to the federal government.

DoD expects to include requirements related to CMMC in Requests for Information (RFIs) or Source Sought notices by the summer of 2020. By the Fall of 2020, DoD expects to include specific language in all Requests for Proposals (RFPs).

Where DoD goes, others will follow. We expect other agencies that do not already have something like CMMC, to adopt CMMC into their acquisition requirements. It is not unrealistic for federal contractors and suppliers to see CMMC as a requirement across any agency by 2021.



50% Complete

Two Step

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.