CMMC – New cybersecurity standards for contractors to security for sensitive information

Cybersecurity Maturity Model Certification (CMMC) is the Department of Defense’s (DoD) new regulatory compliance model for certifying contractors to ensure that their cybersecurity controls and processes are sufficient to secure the Controlled Unclassified Information (CUI) that resides on the Defense Industrial Base (DIB) system and networks. The purpose of CMMC is to reduce complexity and confusion by consolidating a broad spectrum of regulations and guidelines, such as NIST 800-171, 48 CFR 52.204-21, DFARS clause 252.204-7012, and others.

CMMC Compliance Solutions 3


CMMC Levels of Certification

CMMC categorizes cybersecurity programs based on the level of maturity of their practices and processes.

  • Practices are the technical activities required within a capability requirement. CMMC evaluates 173 practices, and practice tiers range from “Basic Cyber Hygiene” to “Advanced/Progressive”
  • Processes measure the maturity of an organization’s cybersecurity procedures. CMMC evaluates nine (9) processes, and process tiers range from “Performed” to “Optimized”.

CMMC Compliance Solutions 4

What CMMC Level do I need?

The CMMC maturity level your organization must achieve is based on the sensitivity of the information the contractor will work with.

  • Organizations must meet both Practice and Process requirements for the level they wish to achieve.
  • Organizations will have to achieve all requirements for lower levels as well as the level they wish to achieve.
  • CMMC requirements apply to sub-contractors as well. Subcontractors do not need to achieve the same level as the prime contractor, but they will need to achieve the CMMC level that corresponds with the sensitivity of the information they will work with.

CMMC Assessments

CMMC requires external assessments to be completed by Third Party Assessment Organizations (C3PAO’s).   Assessments will determine the contractor’s CMMC level, and contractors who do not meet the requirements associated with the level required by their contract will not be able to do business with the DoD

Are you ready for CMMC?

Fortress CMMC Solutions

  • Fortress Platform Supply Chain Risk Management module mapped to CMMC requirements
  • Fortress CMMC Assessment Prep
    • CMMC Vendor Assessment
    • CMMC Product Assessment
    • CMMC Continuous Monitoring
  • Asset to Vendor Network cybersecurity information exchange

Fortress Solutions Help You Prepare for CMMC Compliance

  • Software Platform
  • Assessments
  • Data & Analytics
  • Information Exchange

CMMC Compliance Solutions 5

Software Platform

Fortress is an Orchestration Platform with modules to manage third party risk and vulnerability risk

CMMC Compliance Solutions 6


Fortress provides vendor and product assessments, resolution and program management. Assessment services can be interchanged throughout the contract.

CMMC Compliance Solutions 7

Data & Analytics

Fortress subscribes to dozens of data sources and has a team of research analysts that enable data-driven solutions and comprehensive monitoring.

CMMC Compliance Solutions 8

Information Exchange

The Asset to Vendor Network is the only exchange that is utility focused, offers royalties and provides both product and vendor assessments.

CMMC Compliance Solutions 9

Get in touch

Want to find out how Fortress can solve problems specific to your business?

Let's connect!

CMMC Compliance Solutions 12

CMMC Compliance Solutions 13 CMMC Compliance Solutions 14 CMMC Compliance Solutions 15

189 S. Orange Avenue, Ste 1950, Orlando, FL 32801
(407) 573.6800


Subscribe to Fortress Newsletter

For breach reports, threat intelligence, regulatory updates, cyber security news alerts and more, sign up to receive the Fortress Newsletter.

No, thanks!