The CMMC Program


To protect American ingenuity and national security information, the Department of Defense (DoD) developed the Cybersecurity Maturity Model Certification (CMMC) 2.0 program to reinforce the importance of Defense Industrial Base (DIB) cybersecurity for safeguarding the information that supports and enables our warfighters.

Once CMMC 2.0 is implemented, contractors will be required to obtain a third-party CMMC Level 2 assessment for a subset of acquisitions that involve information critical to national security. DIB companies will be fully responsible for obtaining the needed assessment and certification, to include coordinating and planning the CMMC assessment.

CMMC Certification Services

Authorized CMMC C3PAO

The DoD has approved voluntary NIST 800-171 (CMMC level 2) assessments through the Joint Surveillance Program.

As an Authorized CMMC 3rd Party Assessment Organization (C3PAO), Cybersec Investments is authorized to conduct NIST 800-171 (CMMC Level 2) assessments through the DoD’s Joint Surveillance Program (JSP). 

We also offer FAR 52.204-21 (CMMC Level 1) 3rd Party Letter of Attestation.

CMMC Readiness Review

Not sure if you are ready for your CMMC assessment? Let us evaluate your organization prior to your CMMC assessment.

CMMC Advisory Services

Our team can help your organization get ready for your NIST 800-171/CMMC Level 2 or FAR 52.204-21/CMMC Level 1 Assessment.  We offer the following services: 

  • Gap assessment – Evaluating your current state of DFARS 252.204-7012 and NIST 800-171 (CMMC Level 2) requirements.
  • Remediation Planning – Assistance in resolving identified existing gaps.
  • Documentation – Assistance with developing policies, procedures, plans, etc. as part of your DFARS 252.204-7012 and NIST 800-171 (CMMC Level 2) compliance journey.

CMMC Assessor's Playbook

Assessor's Playbook

The Assessor’s Playbook© is an editable document and an organized way of providing artifacts to your assessor to help expedite your assessment.

The Assessor’s Playbook© has been “battle tested” and used in a Defense Contract Management Agency (DCMA) Defense Industrial Base Cybersecurity Center (DIBCAC) CMMC Level 2 assessment, which resulted in an overall score of MET.

Scroll to top