Cybersecurity Maturity Model Certification Project

A U.S. Department of Defense (DoD) program that requires contractors to implement and verify cybersecurity practices before handling sensitive defense information.

Enhancing your cyber protection standards

Streamlines cybersecurity into three levels aligned with well-known and widely accepted standards.

Perform a gap assessment of our current processes against the requirements of CMMC Level 2.

Develop and implement a remediation plan to address any identified gaps.

Undergo an audit or self-assessment to verify compliance with CMMC; the target is late 2027.

Who needs CMMC

  • DoD prime contractors
  • Subcontractors handling FCI or CUI
  • Any organization storing, processing, or transmitting DoD data

Key requirements

  • Implement required security controls for your level
  • Document policies, procedures, and system boundaries
  • Maintain a System Security Plan (SSP)
  • Track gaps with a POA&M (Plan of Action & Milestones)
  • Perform regular assessments and annual affirmations
CMMC 2.0 Levels

Level 1 – Foundational

  • Focus: FCI (Federal Contract Information)
  • ~15 basic security practices
  • Based on FAR 52.204-21
  • Self-assessment only
  • Annual affirmation required

Level 2 – Advanced

  • Focus: CUI (Controlled Unclassified Information)
  • 110 controls aligned to NIST SP 800-171
  • Assessment type depends on the contract: self-assessment for some, third-party (C3PAO) audit for others
  • Required every 3 years + annual affirmation

Level 3 – Expert

  • Focus: High value / critical programs
  • Based on NIST SP 800-172 (enhanced controls)
  • Government-led assessments
  • Highest security rigor
Assessment types

  • Self-assessment (Level 1 and some Level 2 contracts)
  • Third-party assessment (C3PAO) (most Level 2 contracts)
  • Government-led assessment (Level 3)

Relationship to other standards

  • NIST SP 800-171 → Core for Level 2
  • NIST SP 800-172 → Builds on Level 2
  • FedRAMP Moderate → Often required for cloud services handling CUI

Key Takeaways

  • CMMC ensures compliance with cybersecurity requirements for federal contracts
  • Levels build progressively from foundational to expert
  • Most companies targeting DoD work need Level 2
  • Preparation takes time: controls, documentation, and audits