CMMC Audit Services

At Cyber Protection Services, we want to help DoD Contractors throughout the United States prepare for the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) Audits. We can help by conducting an audit and effectively implementing NIST security controls. Let us help you make sure you are prepared.

  • Level 1

    There are 17 controls that make up CMMC Level 1 and each of those controls are directly mapped to Federal Acquisition Regulation (FAR) 52.204-21. Even though there are only 15 FAR 52.204-21 controls, the CMMC spread that basic coverage to make up 17 CMMC controls. Why? Most likely, it is due to the high-level nature of the FAR requirements, so there was subjective interpretation that made the case for 17 CMMC controls being needed to adequately address the 15 FAR controls. Regardless, CMMC Level 1 is essentially just complying with FAR 52.204-21 under the lens of NIST 800-171.

    A CMMC Level 1 audit will cover 15% of the NIST 800-171 CUI controls.

  • Level 2

    There are 72 controls that make up CMMC Level 2, which encompasses the CMMC Level 1 controls. A CMMC Level 2 audit will cover 65% of the NIST 800-171 CUI controls.

  • Level 3

    There are 131 controls that make up CMMC Level 3, which encompasses the CMMC Level 1 & 2 controls. A CMMC Level 3 audit will cover 100% of the 110 NIST 800-171 CUI controls and adds an additional 21 controls from various sources.

  • Level 4/5

    For CMMC Level 4, there are 156 controls. For CMMC Level 5, there are 171 controls. As you can see, these numbers exceed the 110 CUI controls found in NIST 800-171. CMMC Levels 4 & 5 build off CMMC Level 3 with controls from a range of frameworks:

    • CERT RMM v1.2

    • NIST 800-53

    • NIST 800-171B

    • ISO 27002

    • CIS CSC 7.1

    • Unattributed “CMMC” references that are not attributed to existing frameworks.

1420 Joh Ave, Ste A

Baltimore, MD 21227

(888) 4CyberPro (429-2377)

(Local) (410) 660-2160

©2020 by Cyber Protection Services. All Rights Reserved