Compliance and Audit Readiness Services

DoD Cybersecurity Maturity Model (CMMC)

Cyber Defense Labs has developed a proactive, tailored approach to assist government contractors in tackling Cybersecurity Maturity Model Certification (CMMC) requirements.

Today’s persistent and frequent cybersecurity threats and intrusions have resulted in new standards and regulations requiring companies to assess and proactively address cybersecurity risk in order to conduct business. According to the U.S. Department of Defense, the theft of U.S. intellectual property due to cyber espionage and criminal activity has resulted in $600 Billion per year expelled by our adversaries, $4000 per taxpayer in the United States. 

Beginning in 2020, all companies doing business with the U.S. Department of Defense (DoD) will need to achieve and demonstrate a defined cybersecurity maturity level and be certified as having appropriate cybersecurity controls, adequate processes and acceptable measures in place to protect controlled unclassified information (CUI) in order to compete and be awarded contracts. 

The Department of Defense’s enhanced cybersecurity requirements provide the foundation for a multidimensional, defense-in-depth protection strategy to ensure Department of Defense industry partners have:

1) Penetration resistant architecture,

2) Damage limiting operations, and  

3) Systems designed for cyber resiliency and survivability.

What Defense Contractors Need to Know

The Cybersecurity Maturity Model Certification (CMMC) is a new standard that will replace NIST 800-171 for all future Department of Defense acquisition requirements. CMMC builds upon the NIST 800-171 standard and other regulations to create five levels of certification that accurately reflects the type of cybersecurity controls needed for a company to qualify for a particular contract. The five levels of certification are detailed below:

Level 1: Basic Cyber Hygiene

Level 2: Intermediate Cyber Hygiene

Level 3: Good Cyber Hygiene

Level 4: Proactive

Level 5: Advanced/Progressive

CMMC Certification Process

Organizations seeking to conduct business with the U.S. Department of Defense will need to coordinate directly with an accredited and independent third-party commercial certification organization to request and schedule a CMMC assessment. Cyber Defense Labs supports our clients to ensure they are ready and fully prepared for to meet the certification requirements based on their specific business requirements and the contracting opportunities they are pursuing.  Companies will specify the level of the certification requested based on their specific business requirements and DoD contracts sought.  Contractors will be awarded certification at the appropriate CMMC level only if they are able to demonstrate the appropriate security controls and processes for the required capabilities and organizational maturity required at that specific level of certification.  

How to Prepare

Cyber Defense Labs leverages decades of experience along with in-depth knowledge of the Department of Defense contracting process under the CMMC to deliver phased, tailored, and proactive solutions to keep our partners ahead of their competition and ahead of today’s cybersecurity requirements. We prepare organizations to proactively meet the required conditions and ready their organization for the CMMC maturity audit process. 


CMMC Maturity Levels and Criteria

 The CMMC certification process will review and combine various cybersecurity standards and best practices and map these controls and processes across several maturity levels that range from basic cyber hygiene to advanced. For a given CMMC level, the associated controls and processes, when implemented, will reduce risk against a specific set of cyber threats. 


Cyber Defense Labs Readiness Solution

Cyber Defense Labs partners with our clients to reduce business risk by assessing the unique nature of their business environment, identifying and remediating vulnerabilities, and closing existing security gaps.  The  Cyber Defense Labs process proactively enhances information security and builds resilience in today’s constantly evolving threat environment. We support our client partners in the defense industrial base by enabling them to:

  • Proactively manage cybersecurity risk by conducting strategic Cybersecurity Maturity Model Certification (CMMC) assessments, threat monitoring/alerting, incident response, recovery, and remediation activities.

  • Align with cybersecurity best practices and standards including the Department of Defense Cybersecurity Maturity Model Certification (CMMC), NIST 800-171, CIS Critical Security Controls, ISO 27001, and others.

  • Ensure company policies, procedures and practices provide enforceable governance, enhance data protections, and assure continuity of business.


Cyber Defense Labs' Proactive Process

"Empowering Proactive Resilience"

Cyber Defense Labs has developed a tailored, phased approach to assist government contractors in tackling CMMC requirements.


  • We understand your organization’s current risk profile, assets, strengths, weaknesses, vulnerabilities, threats, partners, regulatory obligations and security program investments by using our own research of proprietary data sources and embedding ourselves with the organization. 
  • We baseline the current controls across operational and risk management capabilities through threat modeling, interactive sessions and plan walkthroughs, gaining powerful insights into the organization’s current and desired future state.


  • We deliver an action-based implementation roadmap of the cyber enhancements  required to ensure the desired state is achieved. 
  • We take transformative action, based upon the defined recommendations. 


  • After the security transformation is implemented and finalized, it is crucial to create an environment of ongoing cybersecurity maintenance, testing and governance. 
  • We provide on-going advisory and governance support that is focused on three critical domains: the data-domain, access-domain, and security-operations-domain. This focus enables organizations to ensure cyber resilience while maintaining full visibility across critical program domains.