top of page

CMMC Preparation & Audit

What is CMMC and how can USG1 help?


Cybersecurity Maturity Model Certification (CMMC) represents the newest standard of cybersecurity defense to which every organization should adhere for basic levels of cyber threat avoidance. Starting in late 2020, all contractors and subcontractors will be required to be certified by a 3rd party auditor in order to provide services to the Department of Defense (DoD).  It is anticipated that non-DoD agencies are likely to adopt this same model for certification as well.


What does CMMC cover?


CMMC is a tiered certification program, where each contract will includes a tier level appropriate for the work that will take place. Some tiers are more comprehensive than others, with the lower tiers being less demanding than the higher tiers. All tiers maintain the goal of keeping your organization and the DoD safe from nefarious cyber elements.  The big difference in this program is that now contractors and subcontractors must prove their adherence to the requirements.  No longer is self-certification sufficient.



*Not all inclusive


Tier 1: Basic Cyber Hygiene (17 Practices)

  • Adherence to safeguarding requirements specified in FAR 52.204-21 

  • Tier places emphasis on adopting basic cyber hygiene practices


Tier 2: Intermediate Cyber Hygiene (72 Practices)

  • Documentation of standard operating procedures (SOP), policies and plans

  • Tier places emphasis on adopting cyber processes


Tier 3: Good Cyber Hygiene (130 Practices)

  • Compliance with all NIST SP 800-171 requirements

  • Threat escalation procedures

  • Activity review to show adherence to SOPs, polices and plans

  • Tier places emphasis on managing the practices and processes


Tier 4: Proactive Cyber Practices (156 Practices)

  • Compliance with additional FAR and NIST regulations

  • Able to address attacks from Advanced Persistent Threats (APTs)

  • SOPs, processes and plans are regularly reviewed, and adhered for ever-changing threat environment

  • Tier places emphasis on the review and evolution of processes for a changing environment


Tier 5: Progressive Cyber Practices (171 Practices)

  • Responsive and adaptive activities against ATPs across the entire organization.

  • Tier places emphasis on optimizing activities


As contractors ourselves, our immediate reaction to the CMMC program is how will small to medium sized companies who are not in the technology space going to navigate this?  We immediate thought we can help and are in an ideal position to do so.  We have been in your shoes and we know how important it is to go into the certification audit worry-free and confident that you can pass.


  • USG1 is here to help you understand the program, no matter where you are starting in your level of cybersecurity knowledge

  • We will perform a Gap/Fit of your environment to the various tier levels

  • Create a roadmap for you to be complaint and stay compliant

  • We will continue to help navigate the ever-changing cyber threat tactics so that you can stay ahead of any attacks


Additionally we will train you and your staff on how to avoid cyberscams and threats directed at your organization. We offer in person and remote web training options.

bottom of page