top of page

CMMC Preparation & Audit

What is CMMC?


Cybersecurity Maturity Model Certification (CMMC) represents the newest standard of cybersecurity defense to which every organization should adhere for basic levels of cyber threat avoidance. Starting in late 2020, all contractors and subcontractors will be required to be certified by a 3rd party auditor in order to provide services to the Department of Defense (DoD).  It is anticipated that non-DoD agencies are likely to adopt this same model for certification as well.

What Does CMMC Cover?


CMMC is a tiered certification program, where each contract will include a tier level appropriate for the work that will take place. Some tiers are more comprehensive than others, with the lower tiers being less demanding than the higher tiers. All tiers maintain the goal of keeping your organization and the DoD safe from nefarious cyber elements.  The big difference in this program is that now contractors and subcontractors must prove their adherence to the requirements.  No longer is self-certification sufficient.

Want to learn more about which tier you fall under? We can help.

Tier 5: Progressive 
Cyber Practices 
(171 Practices)
Tier 4: Proactive 
Cyber Practices 
(156 Practices)
Tier 2: Intermediate Cyber
Hygiene (72 Practices)
  • Adherence to safeguarding requirements specified in FAR 52.204-21 

  • Tier places emphasis on adopting basic cyber hygiene practices

Tier 1:
Basic Cyber
Hygiene (17 Practices)
  • Documentation of standard operating procedures (SOP), policies and plans

  • Tier places emphasis on adopting cyber processes

Tier 3: Good 
Cyber Hygiene (130 Practices)
  • Compliance with all NIST SP 800-171 requirements

  • Threat escalation procedures

  • Activity review to show adherence to SOPs, polices and plans

  • Tier places emphasis on managing the practices and processes

  • Compliance with additional FAR and NIST regulations

  • Able to address attacks from Advanced Persistent Threats (APTs)

  • SOPs, processes and plans are regularly reviewed, and adhered for ever-changing threat environment

  • Tier places emphasis on the review and evolution of processes for a changing environment

  • Responsive and adaptive activities against ATPs across the entire organization.

  • Tier places emphasis on optimizing activities

CMMC Tiers*
*Not All Inclusive
How Can USG1 Help?


As contractors ourselves, our immediate reaction to the CMMC program is how will small to medium sized companies who are not in the technology space going to navigate this?  We immediately thought, "We can help!" and are in an ideal position to do so.  We have been in your shoes and we know how important it is to go into the certification audit worry-free and confident that you can pass.


  • USG1 is here to help you understand the program, no matter where you are starting in your level of cybersecurity knowledge

  • We will perform a Gap/Fit of your environment to the various tier levels

  • Create a road map for you to be compliant and stay compliant

  • We will continue to help navigate the ever-changing cyber threat tactics so that you can stay ahead of any attacks


Additionally, we will train you and your staff on how to avoid cyberscams and threats directed at your organization. We offer in-person and remote web training options.

bottom of page