CMMC Pre-Assessment

Pre-assessment helps to find cybersecurity gaps before your audit. Solving problems now can shorten your journey to certification.Start Your Pre-Assessment Now
Prepare Your Company for CMMC
To do business with the U.S. Department of Defense (DOD), many suppliers will be required to comply with Cybersecurity Maturity Model Certification (CMMC). Dun & Bradstreet and QOMPLX have partnered for a CMMC Pre-Assessment to help prepare your company for this crucial audit.
efficiencyicon

Actionable feedback on your company’s cybersecurity practices

grow icon

Explanations of requirements at each level of certification

decision icon

Examples of effective responses for the audit

document icon

Tips for organizing your supporting documentation

Watch the video to learn more.

How It Works

CMMC represents best-practice cybersecurity standards that many suppliers will need to satisfy to provide services or products to the DOD. Because understanding the requirements and timelines is crucial, Dun & Bradstreet and QOMPLX developed a comprehensive CMMC Pre-Assessment. Informed by former government security auditors, our CMMC Pre-Assessment walks you through each control measure to understand what will be needed for certification and how to address it. A comprehensive summary of your input is generated, and that report may be provided to auditors as part of your certification effort.

Prepare for Your Certification

Prepare for all levels of certification

CMMC is the U.S. Department of Defense’s new Cybersecurity Maturity Model Certification. CMMC will require that many contractors, primes and subs, establish protocols to protect Controlled Unclassified Information (CUI), Federal Contract Information (FCI), and other data, network, and systems of the Defense Industrial Base (DIB) sector. Previously, companies could self-certify compliance with the appropriate Defense Federal Acquisition Regulations (DFARs). CMMC will require many companies to pass an audit conducted by a certified third-party assessment organization (C3PAO) for one of five levels of CMMC compliance, corresponding to different cybersecurity processes and practices.

CMMC includes five levels of certification, corresponding to different cybersecurity processes and practices:
  • Corresponds with the 17 basic cybersecurity processes that must be performed to protect FCI in NIST SP 800-171 Rev 2 and 48 CFR 52.24-21.
  • Corresponds to 72 cybersecurity requirements including all 17 Level 1 practices. Focus is on establishing and documenting practices and policies for compliance.
  • Corresponds to 130 cybersecurity processes including all Level 1 and 2 requirements. The organization must demonstrate the ability to implement 800-171 requirements and manage ongoing policies and processes.
  • Corresponds to 156 cybersecurity practices including all Level 1, 2 and 3 requirements, which must be reviewed and measured for effectiveness. Adds ability to defend CUI from APT-style attacks. Adds controls from NIST SP 800-171B.
  • Corresponds to 171 cybersecurity processes, including all Level 1, 2, 3 and 4 requirements. Focus is on the protection of CUI from APTs and the increased depth and sophistication of cybersecurity capabilities.

Who should use the Pre-Assessment?

Whether you are going for Level 1 certification (Basic Cyber Hygiene), Level 5 (Advanced/Progressive) or anywhere in between, doing a Pre-Assessment will help your organization identify possible areas of cybersecurity concern and need for improvement. Based on the information and parameters you enter into the Dun & Bradstreet/QOMPLX assessment, you will receive feedback that shows your level of CMMC preparedness. This can help you determine whether to start the certification process for the CMMC level you have set as a goal, or whether to address cybersecurity problem areas and shore up internal processes prior to beginning your assessment.

Our Pre-Assessment is ideal for small to mid-sized companies who don’t have large internal cybersecurity teams or for organizations that are looking to jump-start the CMMC process and want to assess their baseline certification readiness.

Start Your Pre-Assessment Now

"One of my biggest concerns is implementing CMMC for small and medium businesses, because that's where a large part innovation comes from. We need small and medium businesses in our defense industrial base, and we need to retain them.”- Under Secretary of Defense for Acquisition & Sustainment Ellen M. Lord, Jan. 31, 2020 Press Briefing