CMMC 2.0 — Now in Effect

Is Your Defense Contract
at Risk?

Find out exactly where you stand — free 5-minute readiness check for small DoD contractors.

CMMC 2.0 is now required for all contractors handling Controlled Unclassified Information (CUI)
Non-compliance can disqualify you from contract renewals and new awards
Most small contractors can achieve Level 1 or Level 2 without a full-time IT team

Get Your Free CMMC Readiness Checklist

30 seconds. 3 fields. Checklist downloads instantly on the next page.

📄

Instant download: CMMC Readiness Checklist (PDF) The 27-point checklist used by DoD contractors to prepare for CMMC assessment — yours free on submission.

What Is CMMC 2.0 and Do You Need It?

The Cybersecurity Maturity Model Certification (CMMC) is a Department of Defense requirement that applies to any company in the defense supply chain that handles Controlled Unclassified Information (CUI) — including subcontractors and suppliers.

      Bottom line: If your company has a DoD contract — or bids on one — and you process, store, or transmit CUI, CMMC compliance is now required. Non-compliance means you cannot be awarded or renew a DoD contract.
    

There are three certification levels, depending on the sensitivity of the information you handle and your contract requirements:

Level 1

Foundational

17 basic cybersecurity practices. Annual self-assessment. Most small contractors handling only FCI (Federal Contract Information) fall here.

Level 2

Advanced

110 practices aligned with NIST SP 800-171. Third-party assessment required for most contracts involving CUI. Affects the majority of DoD contractors.

Level 3

Expert

130+ practices. Government-led assessment. Required only for contractors supporting the most critical defense programs.

Not sure which level applies to you? Fill out the form above — we'll help you figure it out and connect you with a specialist who works with businesses your size.