CMMC
All DoD contractors and subcontractors, i.e. service providers, bidding on future contracts or renewing existing contracts will be required to obtain a CMMC certification prior to contract award. Contractors will require either a Level 1 attestation with requirement for self-assessment or Level 2 or Level 3 attestation with requirement for assessment by a C3PAO. The DoD contract will specify which level of compliance the contractor needs to meet.
CMMC accelerators
The CMMC solution has two accelerators. One is built on the VRM module and the second one is built on the IRM platform. The accelerator will help Defense Industrial Base subcontractors meet DoD cyber requirements.
Key features include:
• FedRAMP 800-71 content with authority documents and citations
• Automated assessments with scoring for CMMC Tier 1 and Tier 2 assessments
• Assist with DFARS 7012 assessments
• Automate Vendor assessments required for CMMC

Recent Webinar
Explore CMMC: Automation of NIST 800–171 Assessments and Vendor Questionnaires Using Servicenow
- Explore how the CMMC impacts contractual flow down of information working with contractors and subcontractors.
- Examine how vendor risk managers can easily assign a NIST 800-171 questionnaire to all in-scope vendors, monitor their responses and track progress towards compliance.
- Discuss Supplier Performance Risk System (SPRS) scores.
- And more…

The Optimal Path

Streamed-lined Guidance

Faster Time to Market

Continuous Compliance
Additional Resources
Explore these resources to gain an in-depth understanding of FedRAMP’s compliance standards and streamline your approach to securing federal information systems.