Our Services

The Cybersecurity Maturity Model Certification (CMMC) is a unified cybersecurity standard required for contractors and subcontractors working with the Department of Defense (DoD). On November 4, 2021, the DoD released CMMC 2.0, revising the previous five-level model to three levels, requiring an independent third-party certification by an accredited organization. Cybersecurity Manager Lizzie Tinker is certified as one of the first Provisional Assessors nationwide for CMMC.

Now is the time for businesses to assess and prepare. The DoD will begin including the CMMC certification as a requirement in some request for proposals (RFP) and all contracts will require the certification by 2026.

The Model

The CMMC model was derived from cybersecurity best practices from various cybersecurity standards and frameworks. To quantify compliance and program adoption of these processes and practices, the CMMC includes a certification process that measures maturity over three levels. The levels are cumulative, so for an organization to achieve a specific CMMC level it also must have achieved the preceding levels below it. The DoD will specify the required CMMC level in Requests For Information (RFIs) and Requests for Proposals (RFPs)

Level 1 – Foundational

Consists of 17 practices and included an annual self-assessment.

Level 2 – Advanced

Consists of 100 practices of the NIST 800-171 and requires certification by a C3PAO.

Level 3 – Expert

Consists of 110+ practices of the NIST 800-171 and is currently in development. Certification will be led by government assessments.

Here’s How We Can Help

• CMMC Readiness
• Control Implementation Guidance
• Control Selection and Tailoring

• Develop Plan of Action & Milestones (POA&Ms)
• Develop System Security Plan (SSP)
• Gap Analysis

Our Team

Kyle Herron


Jimmy Buddenberg


Lizzie Tinker

Senior Manager

Christopher Duram

Senior Manager Penetration Tester

Case Studies

Additional Resources


CMMC: Navigating the Complexities

Jan 25th, 2021

Have you received the dreaded supplier letter to demonstrate compliance with the Cybersecurity Maturity Model Certification (CMMC)?  Are you confused about what next steps your…
Read More


An update on CMMC Certification

May 20th, 2020

On May 18, 2020, The CMMC-AB (Cybersecurity Maturity Model – Accreditation Body) released an update on the current state of the CMMC roll out. During…
Read More


Delaying CMMC Compliance is a mistake. Here’s…

Apr 29th, 2020

Many organizations are struggling with prioritizing strategic initiatives in light of the COVID-19 pandemic and its impact on the workforce. One initiative that needs to…
Read More

Contact Our Team

  • By using the contact forms on our website, no professional relationship is established until you speak directly with an Elliott Davis professional to confirm such relationship. By submitting a message through our website forms, you agree that you have read and agree to the full terms and conditions of our website.