CMMCCybersecurity Maturity Model Certification

Building Trust in the CMMC Assessment Ecosystem

Vendor Review

Elevate Your Cybersecurity Posture from Basic to Advanced

Every organization that receives grants or contracts from the US Department of Defense (DoD) is required to meet CMMC requirements. The CMMC combines various cybersecurity standards and best practices in an effort to ensure all contractors are successfully protecting sensitive information and are capable of adapting to new and evolving cyber threats.

CMMC 2.0 Is Coming—We Can Help You Prepare

CMMC 2.0 Regulation Guidance

You may be confused about the DoD contract requirements for moving to a CMMC 2.0 program. We have the answers to your questions about when and how this will impact your organization, so you can stay compliant.

Customer-centric Approach

We understand the unique needs and challenges facing your organization and provide exceptional customer care to exceed your expectations.

Partnering as an Extension of Your Team

We view ourselves as your partner. When you work with CampusGuard, you get to know our team on a first-name basis. Our representatives are always available to support you however you need.

CMMC Compliance Checklist

The process to reaching your desired level of CMMC Compliance can be cumbersome. CampusGuard is here to guide your organization through the nuances, but here are some steps to get you started:

  • Decide on Maturity Level

    The type of information your organization handles and the size and sensitivity of the contracts in which you plan to participate will help you to establish which level of CMMC compliance you must achieve.
  • Determine Where Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) Is Stored

    Finding where your organization is currently storing, using, or transmitting this data will help you better design a cohesive environmental scope.
  • Build an Environment for FCI and CUI

    Through the use of physical and logical separation, your organization will need to confine the spaces where FCI/CUI is stored, access, and shared.
  • Create Documentation Around Your Scope

    Complete documentation regarding the scope of your environment, exactly what falls into that scope, and who is responsible for each control within your System Security Plan (SSP) will need to be produced to your assessor.
  • Develop Staff Training on Best Practices

    During the process of developing your CMMC strategy, your organization will establish new policies for the use of FCI/CUI. All employees involved with the use of this information will need to be trained on these policies.
  • Conduct Assessment

    Assessing your SSP is the best way to find gaps in coverage and document your future plans to readdress them with a Plan of Action and Milestones (POAM).

Why Choose CampusGuard?

At CampusGuard, we specialize in the complexities and diverse environments of campus and community-based organizations. Our dedicated team prides itself on our expert accreditation, staying updated on the latest trends, and working alongside our clients with a personal approach.

$ 9.5 T

Estimated cost of cybercrime in 2024 (1)


Companies within the Defense Industrial Base (2)

88 %

Of contractors have experienced loss from a cyber-incident (3)

Our Experts Are Ready to Assist

As a CMMC Registered Provider Organization (RPO), CampusGuard is focused on assisting Organizations Seeking Certification (OSC’s) to prepare for CMMC 2.0 readiness.

Get Started Today

Top CMMC Frequently Asked Questions

CMMC, or Cybersecurity Maturity Model Certification, is a framework created by the US Department of Defense (DoD) to ensure that companies and organizations that work with the DoD have appropriate cybersecurity controls and practices in place to protect sensitive information.

The CMMC framework consists of five levels of cybersecurity maturity, with Level 1 representing basic cybersecurity hygiene and Level 5 representing advanced cybersecurity practices. Each level has a set of specific security requirements and processes that must be met in order to achieve certification.

CMMC certification is required for all organizations that do business with the DoD, including contractors and subcontractors. The certification process involves a third-party assessment of the organization's cybersecurity practices and controls, and certification is required for organizations to bid on and win contracts with the DoD.

All organizations that do business or receive grants with the United States Department of Defense (DoD) need to obtain CMMC certification if they want to be eligible to bid on and win DoD contracts. This includes prime contractors, subcontractors, suppliers, and vendors.

The CMMC certification requirement will be phased in over time, with DoD contracts starting to require certification at different levels beginning in 2021. DoD contractors and subcontractors should check with their contracting officers to determine when their contracts will require CMMC certification and at what level.

Failing to be certified to the appropriate CMMC maturity level will disqualify an organization from being awarded defense contracts or research grants that include the CMMC requirement and could put DoD grant funding at risk for your institution.

In addition, non-compliance with the CMMC framework could also result in other consequences, such as increased cybersecurity risk, loss of customer trust, and potential legal and financial liabilities.

It's important to note that becoming CMMC compliant can be a complex and time-consuming process, depending on your organization's current cybersecurity practices and the level of certification required. Therefore, it's important to start planning and implementing the necessary changes as soon as possible to ensure that your organization is prepared to meet the CMMC requirements.

According to the DoD website, "The publication of materials relating to CMMC 2.0 reflects the Department’s strategic intent with respect to the CMMC program; however, CMMC 2.0 will not be a contractual requirement until the Department completes rulemaking to implement the program. The rulemaking process and timelines can take 9-24 months. CMMC 2.0 will become a contract requirement once rulemaking is completed."

CMMC 2.0 eliminates Level 2 (Intermediate) and Level 4 (Proactive) from CMMC 1.0. CMMC Model 2.0 has three levels that connect to existing federal requirements that are already in place:

    • Level 1: Foundational is aligned with FAR 52.204-21: Basic Safeguarding of Covered Contractor Information Systems (for companies with FCI only).
    • Level 2: Advanced is aligned with NIST SP 800-171: Protecting CUI in Nonfederal Systems, and also requires compliance with FAR 52.204-21 (for companies with CUI).
    • Level 3: Expert is aligned with NIST SP 800-172: Enhanced Security Requirements for Protecting Controlled Unclassified Information, and also requires compliance with FAR 52.204-21 and NIST SP 800-171 (for the highest priority programs with CUI).
Article CMMC

CMMC for Higher Education

For colleges and universities involved in R&D, the switch from DFARS to The Cybersecurity Maturity Model Certification (CMMC) is big news. But just what is it, what is the impact on DoD contracts, and how does it fit in with information security?

Read More about the CMMC for Higher Education