Actionable feedback on your company’s cybersecurity practices
Explanations of requirements at each level of certification
Examples of effective responses for the audit
Tips for organizing your supporting documentation
How It Works
CMMC represents best-practice cybersecurity standards that many suppliers will need to satisfy to provide services or products to the DOD. Because understanding the requirements and timelines is crucial, Dun & Bradstreet and QOMPLX developed a comprehensive CMMC Pre-Assessment. Informed by former government security auditors, our CMMC Pre-Assessment walks you through each control measure to understand what will be needed for certification and how to address it. A comprehensive summary of your input is generated, and that report may be provided to auditors as part of your certification effort.
Prepare for all levels of certification
CMMC is the U.S. Department of Defense’s new Cybersecurity Maturity Model Certification. CMMC will require that many contractors, primes and subs, establish protocols to protect Controlled Unclassified Information (CUI), Federal Contract Information (FCI), and other data, network, and systems of the Defense Industrial Base (DIB) sector. Previously, companies could self-certify compliance with the appropriate Defense Federal Acquisition Regulations (DFARs). CMMC will require many companies to pass an audit conducted by a certified third-party assessment organization (C3PAO) for one of five levels of CMMC compliance, corresponding to different cybersecurity processes and practices.
Level 1: Corresponds with the 17 basic cybersecurity processes that must be performed to protect FCI in NIST SP 800-171 Rev 2 and 48 CFR 52.24-21.
Level 2: Corresponds to 72 cybersecurity requirements including all 17 Level 1 practices. Focus is on establishing and documenting practices and policies for compliance.
Level 3: Corresponds to 130 cybersecurity processes including all Level 1 and 2 requirements. The organization must demonstrate the ability to implement 800-171 requirements and manage ongoing policies and processes.
Level 4: Corresponds to 156 cybersecurity practices including all Level 1, 2 and 3 requirements, which must be reviewed and measured for effectiveness. Adds ability to defend CUI from APT-style attacks. Adds controls from NIST SP 800-171B.
Level 5: Corresponds to 171 cybersecurity processes, including all Level 1, 2, 3 and 4 requirements. Focus is on the protection of CUI from APTs and the increased depth and sophistication of cybersecurity capabilities.
Who should use the Pre-Assessment?
Whether you are going for Level 1 certification (Basic Cyber Hygiene), Level 5 (Advanced/Progressive) or anywhere in between, doing a Pre-Assessment will help your organization identify possible areas of cybersecurity concern and need for improvement. Based on the information and parameters you enter into the Dun & Bradstreet/QOMPLX assessment, you will receive feedback that shows your level of CMMC preparedness. This can help you determine whether to start the certification process for the CMMC level you have set as a goal, or whether to address cybersecurity problem areas and shore up internal processes prior to beginning your assessment.
Our Pre-Assessment is ideal for small to mid-sized companies who don’t have large internal cybersecurity teams or for organizations that are looking to jump-start the CMMC process and want to assess their baseline certification readiness.