Cybersecurity Maturity Model Certification

As of July 1, 2020, the Department of Defense (DoD) is requiring all subcontractors to possess a certification known as the Cybersecurity Maturity Model Certification (CMMC). The purpose of the CMMC is to enhance the protection of sensitive data by ensuring the defense supply chain is protected from security breaches.

Elliott Davis intends to become accredited to perform the certification on behalf of the DoD and has the capabilities and services to get your business compliant. Now is the time to assess and prepare.  Without CMMC certification, subcontractors will not be eligible for new DoD contracts after July 1, 2020.


Elliott Davis CMMC Services

  • CMMC Readiness
  • Maturing from one CMMC level to the next
  • Gap analysis
  • Control Selection and Tailoring
  • Control Implementation guidance
  • Develop System Security Plan (SSP)
  • Develop Plan of Action and Milestones (POA&Ms)
  • Audit ready artifacts


The CMMC model was derived from cybersecurity best practices from various cybersecurity standards and frameworks. To quantify compliance and program adoption of these processes and practices, the CMMC includes a certification process that measures maturity over five levels. The levels are cumulative, so for an organization to achieve a specific CMMC level it also must have achieved the preceding levels below it. The DoD will specify the required CMMC level in Requests For Information (RFIs) and Requests for Proposals (RFPs)

Related News