CMMC Compliance

Cyber Maturity Model Certification

The Cybersecurity Maturity Model Certification (CMMC) is a new program introduced by the Department of Defense that will serve as framework to enforce Defense Federal Acquisition Regulation Supplement (DFARS) requirements

Announcement: CMMC Update

The Department of Defense (DoD) has recently announced an updated CMMC model - CMMC 2.0. Included below is some information about the changes in the updated model.

What is the Purpose of CMMC?

The Cybersecurity Maturity Model Certification (CMMC) is a program introduced by the Department of Defense (DoD) that will serve as a framework to enforce Defense Federal Acquisition Regulation Supplement (DFARS) requirements.

The purpose of CMMC is not only to assess and enhance a firm's security posture, but also to protect controlled unclassified information (CUI), federal contract information (FCI), and critical national security information. By improving the security of sensitive data within the Defense Industrial Base (DIB), this will effectively minimize the risk of losing some of our country's most critical and valuable information. As a result, we will be able to maintain an overall stronger national security.

Unlike with other compliance frameworks, certain levels of CMMC require a third-party assessment of your business's environment including policies and procedures in order to certify your firm's level of cybersecurity maturity.

What is CMMC 2.0?

CMMC 2.0 was created in order to make CMMC more affordable, more trustworthy, and align cybersecurity requirements with other federal requirements and widely accepted standards.

The main change that has been made in this update is the overall structure of the model. This new model is currently under public review, and the entire rulemaking process of CMMC 2.0 will take between 9 to 24 months. Until this process is completed, all CMMC requirements are on hold. In the mean time, Bravo recommends that you focus on following NIST SP 800-171 and DFARS, which is the core of the new model, in order to improve your overall cybersecurity posture.



What was once a self-assessment is being transitioned to a third-party assessment system to better determine your company's security standing.

While you can become CMMC compliant in-house, outsourcing by working with a CMMC consultant is the most effective way to tackle becoming compliant. By outsourcing your cybersecurity & compliance efforts to an experienced Registered Provider Organization (RPO) who specializes in CMMC compliance solutions, you can better prepare for certification. We offer a list CMMC services ranging from assessments, policy development, and full remediation ensuring you can focus on what you do best with less downtime.

Levels of CMMC 2.0

The old CMMC model consisted of five levels. However, in the updated CMMC model, the levels have been condensed into only three. As the levels progress, the more complex and mature the posture is. Each level consists of the number of practices and procedures detailed.

The levels are as follows:

LEVEL 1: Foundational

  • Annual self-assessment
  • 17 practices

LEVEL 2: Advanced

  • Triannual third-party assessments for critical national security information
  • Annual self-assessment for select programs
  • 110 practices aligned with NIST SP 800-171

LEVEL 3: Expert

  • Tri-annual government-led assessments
  • 110+ practices based on NIST SP 800-172

Ranging from a foundational cyber hygiene to expert, these levels each entail practices that classify a firm's cybersecurity posture. Any entity that does business with the DoD will need to be CMMC compliance. This includes all prime and subcontractors.

How Bravo Can Help


Bravo helps DIB contractors navigate through the CMMC lifecycle and prepare for CMMC prior to certification, reducing the cost and effort required to achieve compliance. Our industry experts can help pave the way for your digital transformation, all while getting you CMMC compliant.

For more information about the upcoming changes in CMMC 2.0, click here.

If your company needs direction as far as becoming CMMC compliant, don't wait! Fill out the form below to get in touch with our CMMC experts, and start your journey today.

Let Bravo Help You Prepare for CMMC

Bravo Consulting Group Main Logo Owl