top of page

CMMC – Cyber Security Maturity Model Certification

Protect - Respond - Analyze

The Cybersecurity Maturity Model Certification (CMMC) is a framework designed by the Department of Defense (DoD) to help protect controlled unclassified information within its supply chain. Developed by the DoD, federal stakeholders, and industry professionals, the CMMC provides the Defense Industrial Base sector with a clear set of cybersecurity standards and best practices to follow. Many DoD contractors will have to complete the CMMC prior to bidding on work in the coming months. Understanding the current state of your cybersecurity program and how it measures up against the CMMC framework is the critical first step in this process.

CMMC Domains

The CMMC maps controls and processes across five certification levels, ranging from “Basic Cyber Security Hygiene” to “Advanced.” The CMMC encompasses 43 capabilities spread across 17 capability domains:

  • Access Control

  • Asset Management

  • Awareness and Training

  • Audit and Accountability

  • Security Assessment

  • System and Comms. Protection

  • Configuration Management

  • Identification and Authentication

  • Incident Response

  • Risk Management

  • Situational Awareness

  • Media Protection

  • Personnel Security

  • Physical Protection

  • Recovery

  • Maintenance

  • System and Information Integrity

Learn more about the CMMC capability domains and maturity levels on Department of Defense website.

We have a three step approach to pre-assess your unique environment:

During Phase 1, the Riskcop Advisory team collaborates with you to establish the scope for this assessment, as well as communication methods and a cadence for status reporting. Following this initial step, we coordinate document and interview requests with your team.

  • Clear engagement scope

  • Established communication methods

  • Document and interview requests

Program Analysis

Our team holds both on-site and remote discovery sessions with key stakeholders and subject matter experts within your organization. Following this step, our team builds a current state gap analysis of your policies, procedures, and technologies against industry standards.

Our assessment spans the CMMC’s five maturity levels and 171 technical practices to help you identify your growth areas, address key issues, and advance your program.

  • Analysis of the current condition of your IT infrastructure, business processes, and utilized technologies

  • Identified process inefficiencies and areas for improvement

  • Understanding of the confidentiality, integrity, and availability of business systems

Remediation Strategy

During this phase, we deliver a mapping your current program against the CMMC, which documents identified process inefficiencies and opportunities for improvement. These reports are accompanied by a roadmap for short-term and long-term cyber maturity.

In the final phase of this assessment, our team also communicates the findings of our analysis to your leadership team.

  • Preparations for the eventual CMMC certification process

  • Alignment between cybersecurity priorities and organizational objectives and policies

  • Improved decision-making around the level of risk associated with the current IT environment

  • More efficient resource allocation


Contact our office for more details on this and other readiness services.

bottom of page