Get started on your CMMC requirements with 360IT PARTNERS

Simply fill in the form and we’ll get back to you as soon as possible

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

What is CMMC?

The Cybersecurity Maturity Model Certification is a standard that was created to protect and secure the Department of Defense (DoD) supply chain. Every DoD subcontractor, no matter the level of involvement, will need to obtain a certification to continue working with the DoD. The primary goal of CMMC is to protect Controlled Unclassified Information (CUI) which is defined as unclassified information requiring protection as identified in a law, regulation or government wide policy. In other words, if it is information that can be exploited to harm the DoD, it is classified as CUI.
The CMMC model uses the basic safeguarding requirements for CUI as the Federal Acquisition Regulation (FAR) Clause 52.204-21 and the security requirements for CUI as specified in NIST 800-171 / DFARS.
Katie Arrington, the Chief Information Security Officer, Office of the Under Secretary of Defense for Acquisition and Sustainment, gives an excellent overview of CMMC Compliance in the following video.

What will be required of DoD Subcontractors?

The CMMC measures cybersecurity maturity according to five levels. Each level aligns a set of processes and practices with the type and sensitivity of the information that needs to be protected and the associated risks. A brief overview of the five levels is included below.
The CMMC model consists of 17 domains or control families. The “Practices and Processes” mentioned in the levels graphic above refer to numerous controls in the following domains. The majority of these domains originate from the security-related areas in the Federal Information Processing Standards (FIPS) Publication 200 [12] and the related security requirements families from NIST SP 800-171 [4]. A brief overview can be found in the table below. Click each domain to expand and show capability information.
You probably have a lot of questions about when this is all happening. We have summarized the 2020 CMMC timeline below to help you better understand when CMMC will go into effect, when a certification will be required, etc. After the auditors are trained in Q3 of 2020, the DoD will begin what they call “pathfinder” contracts. These initial “test audits” will help the DoD determine if there are changes that need to be made to the CMMC requirements before formal audits begin for DoD subcontractors.

DOD Contractors must obtain CMMC by May 2023

The DOD has recently announced their plan to have the CMMC rule in place by May 2023 and CMMC requirements into DOD contracts by July 2023. This means that any customers who handle, transmit, process or store CUI will need to have passed an accredited third party C3PAO assessment or risk the ability to bid on future contracts. It usually takes 6 months to reach Level 3 certification. 360IT Partners has a proven roadmap to help your business achieve and maintain CMMC. Contact us today for a free consultation.

The 2020 CMMC Roadmap



  • Establishment of Accreditation Body
  • Completion and release of v1.0



  • Establishment of Marketplace


  • Initial RFIs (Request for Information)



  • Potential CMMC update
  • Initiation of CMMC 101 training for level 1–3
  • Test audits


  • Initiation of CMMC 101 training for level 4–5



  • Initial RFPs (Request for Proposal)

How does one achieve CMMC Compliance?

360IT Partners has extensive experience with helping companies align their processes and cybersecurity practices with the NIST 800-171 standard. Our Governance, Risk and Compliance solution offering (GRC Shield) includes a 3 phased approach which is highlighted below. Click each phase below for further details.

The Proof is in the Process

360IT Partners has helped many local companies in the area achieve DFARS Compliance and prepare for CMMC Compliance. See what Kitco Fiber Optics had to say about their experience with our GRC Shield solution!

When we learned of the impact DFARS Compliance, now CMMC, would have on our technology, we called on 360IT Partners for help! We drew on the strength of our partnership and they have been there guiding us every step of the way. With their leadership and experience, Kitco Fiber Optics was able to achieve and maintain Compliance. Their team of experts broke everything down into an easy to understand and phased approach that was simple for us to understand. Now that the final draft of CMMC has been released, we feel very confident that when we are called upon for our first audit, we will have our technology in order and plan on passing! We are very happy with our decision to work with 360IT Partners!

Scroll to Top