top of page

CMMC 2.0

Image by Christian Wiediger

Cybersecurity Maturity Model Certification

What is CMMC 2.0?

The Cybersecurity Maturity Model Certification, or CMMC, is set to be the solution to prioritizing DFARS enforcement while helping small businesses improve their cybersecurity and slow down the criminals responsible for government IT and R&D losses. This new standard will require independent, third-party assessment and is a must for every company doing business with the Department of Defense. The CMMC currently has three maturity levels: 

  • CMMC Maturity Level 1 | Foundational 

  • CMMC Maturity Level 2 | Advanced 

  • CMMC Maturity Level 3 | Expert 


Department of Defense (DoD) Contractors need to identify your desired CMMC level to bid on DoD contracts.

Image by Clint Patterson

Why CMMC 2.0 Matters

The Department of Defense (DoD) identified that the United States, as a country, is losing an average of $600 billion annually in defense intellectual property (IP) to non-friendly countries due to hacking the DoD Industrial Base (DIB) suppliers. The DIB is comprised of over 350,000 small-to-large organizations. The very large defense contractors are few and comprise less than 1% (about 35) of the DIB and these should have very strong information security. The remaining 99% DIB members are ideal targets of the hackers. 

NIST SP 800-53 and NIST SP 800-171 were developed to try and stop this drain of U.S IP. It did not work because it was determined to be a self-compliant method. Over 75% of companies who claimed self-compliance failed. The DoD then made a huge commitment to develop a certification program called the Cybersecurity Maturity Model Certification (CMMC)

ISOP logo


A CMMC Third-Party Assessor Organization (C3PAO) can contract with organizations seeking CMMC certification, hire and train CMMC Certified Assessors (CA), and deliver assessments with CA led teams that includes Certified Professionals (CP). 

ISOP Solutions is registered with the Cyber-AB as a C3PAO candidate, which manages Certified CA-1, CA-3 and (future) CA-5 Assessors. Certified Assessor delivers advice that is based on their rigorous training on what is and is not acceptable during an actual Cyber-AB Certified Assessment. Our CA is currently undergoing training. 

How ISOP Helps Companies with CMMC 2.0 Certification

We’re currently in the process of becoming a C3PAO. Once we become an C3PAO, then we begin assessments of companies up to Maturity Level 2. 

C3PAO Candidate
Smiling Businessman

CMMC Certified Assessors (CA)

ISOP Solutions is looking for Certified Assessors to deliver CMMC assessments, training, and consulting. We have contract positions available for CMMC Certified Assessors to conduct CMMC Assessments and recommend Maturity Level Certifications to our clients.

bottom of page