Cyberleaf Cookies Policy

We use cookies to improve user experience and analyze website traffic. By clicking “Accept,“ you agree to our website's cookie use as described in our Cookie Policy.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Powered by Cookieyes logo

Cybersecurity Maturity Model (CMMC) Advisory And Assessment

Get CMMC Compliant

Using automated systems, process, controls with prepared forms and templates we make this process clear, straightforward and accountable with results to meet your CMMC compliance requirements.

Now as a candidate Certified Third Party Assessment Organization (C3PAO), Cyberleaf's Provisional Assessors will be able to complete your CMMC assessment.
 Learn More
Two professionals look at a laptop together with computing machines in the background

What Are CMMC, RPO, And C3PAO?

Cybersecurity Maturity Model Certification (CMMC) Compliance

The Cybersecurity Maturity Model Certification, introduced by the Department of Defense (DoD) in 2019, requires suppliers and contractors to pass a third-party audit of their cybersecurity readiness or risk losing their ability to compete for and deliver on certain DOD contracts. When fully operational, the CMMC would be mandatory for all entities doing business with the DoD at any level, including flowdown provisions to lower tier contractors.

 All contractors and suppliers, primes and subs are required to:

  • Establish protocols to protect Controlled Unclassified Information (CUI), Federal Contract Information (FCI), and other data, network, and systems of the Defense Industrial Base (DIB) sector. 

  • Meet one of the CMMC trust levels and 

  • Demonstrate that cybersecurity has been sufficiently implemented through the completion of independent validation activities. 

In November 2021, the Department announced “CMMC 2.0,” an updated program structure and requirements designed to achieve the primary goals of the internal review:

  • Safeguard sensitive information to enable and protect the warfighter

  • Dynamically enhance DIB cybersecurity to meet evolving threats

  • Ensure accountability while minimizing barriers to compliance with DoD requirements

  • Contribute towards instilling a collaborative culture of cybersecurity and cyber resilience

  • Maintain public trust through high professional and ethical standards

With its streamlined requirements, CMMC 2.0 aimed to cut red tape for small and medium sized businesses, set priorities for protecting DoD information, and reinforce cooperation between the DoD and industry in addressing evolving cyber threats.

CMMC 2.0 requires contractors to meet one of three compliance levels:

Chart illustrating CMMC compliance levels for CMMC 2.0

Advisory Services: CMMC-AB Registered Provider Organization

With Registered Practitioners on staff, Cyberleaf has the necessary certifications, resources, and cybersecurity expertise to enable you to successfully prepare for your CMMC Compliance Assessment. Our staff can guide your team through:

Understanding CMMC Requirements
Evaluating Current CMMC Readiness
Developing Compliance Plan
Implementing Changes to Procedures
Completing Pre-assessment Evaluation
Depending on the level of CMMC Compliance sought, your organization will need to comply with up to 110 or more practices across NIST SP 800-171 r2 & Rev b, (FAR) 48 CFR 52.204-21 and other practices. We can help!

CMMC Compliance Assessment: Certified 3rd Party Assessment Organization (C3PAO)

Waterleaf (Cyberleaf's parent company) has been cleared by the CMMC-AB as a candidate Certified 3rd Party Assessment Organization (C3PAO). Our staff are certified by the CMMC-AB as Provisional Assessors Level 1-3 and can complete assessments on behalf of the company.

 Learn More

Progressively More Difficult Compliance Obligations

There are three cumulative Certification levels to the CMMC 2.0:

  • Level 1 – focuses on the protection of FCI and consists of only practices that correspond to the basic safeguarding requirements specified in 48 CFR 52.204-21, commonly referred to as the FAR Clause.  (This level has 17 practices and requires annual self-certification.)
  • Level 2 “Advanced” – focuses on the protection of CUI and encompasses the 110 security requirements specified in NIST SP 800-171 Rev 2. This level requires third party certification.
  • Level 3 “Expert” – Level 3 will be based on a subset of NIST SP 800-172 requirements. Details will be released at a later date.

Learn More

Cyberleaf is an expert in the requirements for CMMC compliance and can guide you on your journey. In addition, Cyberleaf's Cybersecurity-as-a-Service can be a key component in your compliance plan.

 Cyberleaf Cyber-as-a-Service