CMMC, a major U.S. Department of Defense (DoD) program, is built to protect the U.S. Defense Industrial Base (DIB) from increasingly frequent and complex cyber attacks. The Cybersecurity Maturity Model Certification (CMMC) is designed to protect Federal Contract Information (FCI) (CMMC Level1) and Controlled Unclassified Information (CUI) (CMMC Level 2) which is shared with DoD contractors and subcontractors.

For Government contractors -- known as “Organizations Seeking Certification" (OSC) in CMMC parlance -- the first step in attaining CMMC certification is to obtain Consulting Services from an approved service provider, certified by The Cyber AB organization. The Cyber AB is the official CMMC accreditation body and the sole authorized DoD CMMC partner.

 As stated by The Cyber AB, “There is a lot at stake for organizations seeking CMMC certification – first and foremost the ability to bid and win Department of Defense procurement and acquisition contracts.” 

More  

DoD will begin requiring DIB contractors to achieve CMMC certification at the appropriate maturity level beginning in 2024.

A highly specialized DoD and Intelligence Community (IC) cybersecurity company staffed by cleared, skilled and certified cyber security professionals, Tau Six is poised to help you successfully navigate your CMMC Level 1 and Level 2 assessment process ... now.

Level 1 Certification Quality Check:
Level 1 (Foundational) encompasses the basic cybersecurity hygiene needed to safeguard Federal FCI. There are 17 security controls that must be met to achieve CMMC Level 1, as detailed in Federal Acquisition Regulation (FAR) 52.204.2. For this self-assessment stage, Tau Six provides clients with a optional Quality Check to ensure the client's self-assessment is accurate. Tau Six delivers a complete written report to the client detailing any needed corrections / adjustments as well as documented suggestions on how to best address any deficiencies.
 

Level 2 Consulting:

Per the DoD, CMMC Level 2 (Intermediate) certification requires third party services with a provider such as Tau Six. CMMC Level 2 requirements represent that link between Level 1 and Level 3. Level 2 includes some safeguarding of CUI, enabling the ability to defend against more serious cyber threats. CMMC Level 2 also starts to incorporate the process maturity aspects of the model. A company is expected to perform and document key cybersecurity functions at Level 2. CMMC Level 2 introduces 55 new practices for a total of 72 total practices since it also includes Level 1 requirements. These practices are grouped into 15 different domains. For CMMC Level 2, Tau Six offers the following Consulting Services: Quality Review, Gap Assessment, Action Report to Address , Specialized Consulting to Prepare for CMMC Level 3, Intelligence and Updates on DoD's progress on finalization of CMMC Level 3 requirements and go forward plan of action. 

​​

[Insert new header: What Comes Next]

​

CMMC Level 3 (Expert) is focused on reducing the risk from Advanced Persistent Threats (APTs) and is designed for companies working with CUI on DoD’s highest priority programs. DoD is still determining the specific security requirements for Level 3, but has indicated that its requirements will be based on NIST SP 800-171’s 110 controls plus a subset of NIST SP 800-172 controls.

​