CMMC Certification

Cybersecurity Maturity Model Certification

The Cybersecurity Maturity Model Certification, or CMMC, is a standard for implementation of cybersecurity designed to provide increased assurance to the Department of Defense (DoD) that a Defense Industrial Base (DIB) contractor can adequately protect Controlled Unclassified Information (CUI) at a level commensurate with the risk, accounting for information flow down to its subcontractors in a multi-tier supply chain

CMMC Level 1: 17 Controls.

CMMC Level 2: 72 Controls (includes Level 1 controls)

CMMC Level 3: 130 Controls (includes Level 2 controls)

CMMC Level 4: 156 Controls (includes Level 3 controls)

CMMC Level 5: 171 Controls (includes Level 4 controls)

What is CMMC?

Cybersecurity Maturity Model Certification, or CMMC, is a standard for implementing cybersecurity across the defense industrial base.

Who is CMMC for?

CMMC was created for the Defense Industrial Base (DIB) contractors to protect CUI.

What are the levels of CMMC?

The CMMC has five levels and aligns a set of process and practices with the type and sensitivity of information to be protected and the associated range of threats.

CMMC Level 1: 17 Controls.
CMMC Level 2: 72 Controls (includes Level 1 controls)
CMMC Level 3: 130 Controls (includes Level 2 controls)
CMMC Level 4: 156 Controls (includes Level 3 controls)
CMMC Level 5: 171 Controls (includes Level 4 controls)

How does CMMC certification work?

Once your management system is established, you can start the process of getting it certified with DQS. We will work with you to discuss goals of CMMC certification and get you a detailed quote tailored to the needs of your company.

Project planning begins with the schedule mutually agreed upon dates for your initial assessment(s) and coordinating multiple sites if applicable. An optional gap assessment can also be scheduled to help you identify the strengths and points of improvement in your management system in advance.

The certification process itself begins with review and evaluation of system documentation, goals, results of management review and internal audits. The Stage 2 Audit occurs after the successful Stage 1 Audit. The assigned audit team will assess the client’s management system at the place of production or service delivery. Applying defined management system standards and specifications, the audit team will evaluate the effectiveness of all functional areas as well as all management system processes, based upon observations, interviews, review of pertinent documents and records, and other assessment techniques.

The independent certification function of DQS Inc. will evaluate the audit process and its results, and make an independent certification decision about issuance of the certificate. The client receives an assessment report, documenting the assessment results. When all applicable requirements are fulfilled the client also receives the certificate.

What does CMMC certification cost?

The cost of certification to CMMC is dependent upon many factors, such as size and complexity of your organization. Therefore, each quote is customized based on the information of the company applying for certification.

Why certify to CMMC with DQS?

In preparation for the CMMC certification rollout, DQS created DQS Cyber Security Inc. (DQS CSI), a wholly-owned subsidiary of DQS Inc., to provide^3rd party management system assessments and cyber security certifications focused on the CMMC market. DQS CSI has applied for C3PAO as a Certification Body Provider and is currently able to provide Gap Assessments for companies preparing for CMMC certification.