Cybersecurity Maturity Model Certification (CMMC)

G2 Ops is certified as a Cybersecurity Maturity Model Certification (CMMC) Third-Party Assessment Organization (interim C3PAO) and Registered Provider Organization (RPO) authorized by the CMMC Accreditation Body. We offer a range of CMMC advisory and assessment services to help organizations prepare for and achieve their desired CMMC maturity level.

Cybersecurity Maturity Model Certification (CMMC)

G2 Ops is certified as a Cybersecurity Maturity Model Certification (CMMC) Third-Party Assessment Organization (interim C3PAO) and Registered Provider Organization (RPO) authorized by the CMMC Accreditation Body. We offer a range of CMMC advisory and assessment services to help organizations prepare for and achieve their desired CMMC maturity level.

Cybersecurity Maturity Model Certification (“CMMC")

Cybersecurity Maturity Model Certification (“CMMC”) is a unified cybersecurity standard developed by the Department of Defense (“DoD”) to secure the Defense Industrial Base (“DIB”) and associated Defense Supply Chain (“DSC”). Beginning in the summer of fiscal year 2021, 15 new DoD contracts will include CMMC requirements. By 2026, CMMC requirements will be found in Sections ‘L’ and ‘M’ of all DoD contracts. As such, DIB contractors seeking to do business with DoD will be required to obtain an independent third-party CMMC assessment by an accredited organization to certify their compliance with the applicable CMMC standards.

CMMC Cybersecurity Maturity Levels

CMMC assesses the cybersecurity maturity levels of DIB contractors across five (5) maturity levels, from basic cyber hygiene (Maturity Level 1) to possessing an advanced and progressive cybersecurity program (Maturity Level 5).

Overall, CMMC measures 171 practices and five (5) processes across 17 capability domains as shown below.

CMMC Maturity Levels Breakdown

CMMC ML1 - Basic Cyber Hygiene

  • Minimum requirement to do business with the DoD
  • Practices: 17
  • Processes: Zero (0)
  • Purpose: Assesses your company’s ability to protect Federal Contract Information (“FCI”)

CMMC ML2 - Intermediate Cyber Hygiene

  • Builds on CMMC ML1
  • Practices: 72
  • Processes: 2
    • Procedure documentation – 72 practices
    • Policy documentation – 17 capability domains
  • Purpose: Transition step to protect Controlled Unclassified Information (“CUI”)

CMMC ML3 - Good Cyber Hygiene

  • Builds on CMMC ML2
  • Practices: 130
  • Processes: 3
    • Procedure documentation – 130 practices
    • Policy documentation – 17 capability domains
    • Plan documentation – 17 capability domains
  • Purpose: Assess your company’s ability to protect CUI

CMMC ML4 – Proactive Cyber Hygiene

  • Builds on CMMC ML3
  • Practices: 156
  • Processes: 4
    • Procedure documentation – 130 practices
    • Policy documentation – 17 capability domains
    • Plan documentation – 17 capability domains
    • Review/Measure Effectiveness (Quality Assurance) – 17 capability domains
  • Purpose: Transition step to protect CUI and reduce risk of Advanced Persistent Threats (“APT”)

CMMC ML5 - Advanced/Progressive Cyber Hygiene

  • Builds on CMMC ML4
  • Practices: 171
  • Processes: 5
    • Procedure documentation – 130 practices
    • Policy documentation – 17 capability domains
    • Plan documentation – 17 capability domains
    • Review/Measure Effectiveness (Quality Assurance) – 17 capability domains
    • Standardize/optimize CMMC approach across all applicable organization units
  • Purpose: Assess your company’s ability to protect CUI and reduce risk of APTs)

CMMC Third-Party Assessor Organization ("C3PAO")

G2 Ops is a CMMC Third-Party Assessor Organization (“C3PAO”) Candidate and Registered Provider Organization (“RPO”). As an RPO, G2 Ops is authorized to provide tailored CMMC readiness and security compliance solutions to advise customers on how to advance their cybersecurity program to meet the DoD’s regulatory compliance objectives. Specifically, we deliver CMMC consulting and support to Organizations Seeking Certification (“OSC”) within the DIB.

CMMC Auditing and Compliance Assessment Services

G2 Ops has been selected by the CMMC Accreditation Body as a Cybersecurity Maturity Model Certification (CMMC) Third-Party Assessment Organization (“C3PAO”) candidate and Registered Provider Organization (“RPO”). As such, G2 Ops supplies organizations with the advisory and assessment tools needed to achieve their desired level of CMMC maturity.

G2 Ops’ Registered Practitioners (RP) perform CMMC Pre-Assessment Readiness Reviews (“PARR”) to prepare Organizations Seeking Certification (“OSC”) for CMMC assessment at Maturity Levels 1, 2, or 3 (ML1–ML3). The PARR involves CMMC assessment scope definition and documentation, as well as guidance and support for the collection of objective evidence (OE) that is required by OSCs to demonstrate sufficient adoption of CMMC practices and processes.

To inquire about G2 Ops’ CMMC Readiness Services, call us at 757.965.8330 or contact us today.