DFARS/CMMC Compliance Resource Center

Do you have questions about the Department of Defense’s new Cybersecurity Maturity Model Certification (CMMC) audit? You’re not alone; the path to becoming compliant can be confusing. This resource center is designed to help address questions you have about NIST, DFARS 252.204-7012 compliance, and preparing for a CMMC audit.

As a NIST Consultant, we have extensive experience helping businesses implement the NIST 800-171 cybersecurity framework to comply with DFARS and prepare for CMMC audits. We’ve taken many of the common questions we see companies asking and developed resources to help address them.

Frequently Asked Questions:

What is the National Institute of Standards and Technology (NIST)?

The National Institute of Standards and Technology (NIST) was founded in 1901 and was established to remove major challenges to U.S. industrial competitiveness at the time. In today’s world, NIST works with any company acting as a government contractor. The institute publishes a set of guidelines, including the 800 series, that outlines the United States federal government computer security policies.

What is the NIST 800-171 cybersecurity framework?

In 2015, the Department of Defense published “DFARS” which mandated that private DoD contractors adopt cybersecurity standards according to the NIST 800-171 cybersecurity framework. This is part of a government-led effort to protect the US Defense supply chain from foreign and domestic cyber threats.

What is the Cybersecurity Maturity Model Certification (CMMC)?

The DoD has released the Cybersecurity Maturity Model Certification (CMMC) to ensure appropriate levels of cybersecurity controls and processes are in place to protect contractor systems. The CMMC will encompass multiple maturity levels that range from “Basic Cybersecurity Hygiene” to “Advanced.” The intent is to identify the required CMMC level in the RFP and use it as a “go/no go” decision when evaluating vendors.

What kind of companies need to become CMMC compliant?

There are approximately 300,000 DoD contractors that are subject to CMMC. The DoD estimates that only 10% meet the standard as released. By FY26, all new DoD contracts will contain CMMC requirements. All DoD contractors should already be at Level 1 as that parallels some existing requirements. Level 3 is going to be the level that most contractors need to achieve to be relevant.

Can my company pass a CMMC Compliance Audit without outside help?

There is a provision for self-audit, but experts do not believe that is wise. The cocktail of services you need to check all the boxes is really complicated to source and manage on your own. Finding a good partner that can provide critical components “as a service” is essential to moving towards compliance in a timely manner.

How do I find a partner to help my company pass our CMMC Compliance Audit?

The best partner is one with a dedicated cybersecurity team and extensive experience conducting CMMC assessments. Security is constantly changing and having a team of dedicated specialists with certifications in the security space can provide the peace of mind needed. Corsica has a team of NIST Consultants available to help, but it’s important you find whoever makes you feel most comfortable.

Request a CMMC Consultation

Guide

A Guide to CMMC Compliance

When it comes to CMMC compliance and control standards, certification is a go/no-go affair. And with DoD contracts on the line, it’s imperative to produce a hygienic cybersecurity environment the first time around.

On-Demand Webinar

NIST 800-171 vs. CMMC – Where to focus and how to prioritize

This on-demand webinar is designed to help guide you in focusing and prioritizing your efforts when it comes to NIST 800-171 and CMMC compliance.

On-Demand Webinar

Understanding the Interim Rule and how it relates to NIST 800-171 & CMMC compliance

This on-demand webinar looks at the CMMC Interim Rule and how it relates to NIST 800-171 and CMMC compliance.

On-Demand Webinar

What are the differences between NIST 800-171 and CMMC compliance?

This on-demand webinar breaks down the differences between NIST 800-171 and CMMC compliance.

Compliance Cheatsheet

CMMC Compliance Cheatsheet

This cheatsheet breaks down CMMC compliance at a high level, covering everything from its history to the fundamentals of compliance.

On-Demand Webinar

How to Navigate CMMC Compliance

You’ll learn the fundamentals of CMMC compliance and receive actionable steps for becoming (and staying) compliant while making your organization more secure.

Compliance Assessment

Request a CMMC Compliance Assessment

Our NIST Consultants perform a detailed assessment to help you meet steep compliance demands and pass your CMMC Certification audit with 100% confidence.

Article

NIST & DFARS Compliance – What You Need To Know

Learn about NIST, the benefits of becoming compliant, and the risks your company faces for not becoming compliant.

Article

What Level of Cybersecurity Do DoD Contractors Need to Meet New CMMC Certification Regulations?

All DoD contractors are expected to be prepared for audits to begin, where third-party auditors will determine the cyber hygiene level your business has obtained. 

Article

Corsica Technologies: Navigating CMMC and NIST 800-171

From what’s included in the assessment to assessment cost to the implementation of recommendations, this list of FAQs covers common questions about our CMMC assessments.

Article

DoD Ramping Up Cyber Requirements for Contractors

If your organization is in a position to bid on DoD contracts, take note: the Cybersecurity Maturity Model Certification (CMMC) is on the horizon.