What Is CMMC?​

A Brief Overview

The Cybersecurity Maturity Model Certification incorporates various cybersecurity standards and “best practices” that are mapped across several maturity levels ranging from:1 (Basic Cyber Hygiene) to 5 (Advanced), each building off of the last.

Each level has associated compliance processes, that, when implemented, will reduce risks against a specific set of cyber threats.

How Does It Work?

A Two-Entity Approach

Auditors​: Independent auditors will conduct evaluations based on the desired CMMC certification level (1-5) and determine if the DoD contractor is compliant. 

Department​ of Defense​: The DoD will measure compliance with the DFARS and NIST requirements to ensure contractors are handling sensitive unclassified information properly.


Cybersecurity Maturity Model Certification (CMMC)
We Need to Go That Way!
Staying Competitive with Cybersecurity Maturity
Model Certification Requirements

The overall goal of CMMC
is to be a unified cybersecurity
standard for the Department of
Defense acquisitions to improve the
cybersecurity posture of
companies and reduce exfiltration
of Controlled Unclassified
Information from the
Defense Industrial Base.​


CMMC Level Overview

Level 1

Demonstrate basic cyber hygiene, as defined by the Federal Acquisition Regulation (FAR). 

Level 2
  • Demonstrate intermediate cyber hygiene.
  • Standard operating procedures, policies, and plans established for all practices.
Level 3
  • Demonstrate good cyber hygiene and effective NIST SP 800-171 Rev. 1 Security Requirements.
  • All activities are reviewed for adherence to policy and procedure and are adequately resourced.
Level 4
  • Demonstrate a substantial and proactive cybersecurity program.
  • All activities are reviewed for effectiveness and management is informed of any issues.
Level 5
  • Demonstrate a proven ability to optimize capabilities in an effort to repel advanced persistent threats.
  • All activities are standardized across all applicable organizational units and identified improvements are shared.

CMMC Timeline

Implementation of CMMC In 2020

Cybersecurity Maturity Model Certification (CMMC)


Contact Sabre On Point to learn more.

Who Is Affected and How?

  • Teams and Subcontracting: Potential for Stricter Vendor Approval Processes With Larger Firms​
  • Small Business Vendors and Start-Ups: Potential Barrier For Entry​
Cybersecurity Maturity Model Certification (CMMC)

Risks of Noncompliance

  • Pass/Fail Evaluation​
    • 21 Additional Controls Beyond NIST SP 800-171; No Falling Back on SSP or POA&M.​
    • Failure Bars You From Work on DoD Contracts.​
    • A Low Score Limits Your Contract Availability.​
  • All Primes and Subs MUST Have a CMMC Certification Prior To Contract Award.​
Cybersecurity Maturity Model Certification (CMMC)

What Major Challenges Are There?

  • Migration to Office 365 GCC High​
  • SIEM Solutions​
  • Backup Solutions​
  • Managing Non-Supporting Hardware/Software​
  • Identifying, Categorizing, and Labelling CUI​
Cybersecurity Maturity Model Certification (CMMC)

Copyright ©2020 - Sabre On Point | Sabre Shield