Skip to main content

What we do

Cybersecurity Maturity Model Certification (CMMC)

Cybersecurity maturity model certification
What is CMMC?

The CMMC is a new Department of Defense (DoD) mandate that was released January 31, 2020. The self-attestation of NIST 800-171, NIST 800-52 and DFARS 252.204-7012 is not only complicated, but it has NOT been working so the DoD is unifying all the guidelines via CMMC and auditing contractors in this new "trust but verify" approach.

This new guideline now requires a CMMC 3rd Party Assessment Organization (C3PAO) to audit your cybersecurity policies, procedures and security controls. There are five Maturity Levels (ML) a contractor can achieve, and they build on top of each other – You can’t reach ML5 unless you also have ML1 practices and processes in place. The number of security controls your company needs to implement depends on the ML level you hope to achieve and will also be included in the contract... And did you know that you won’t be able to GET a contract unless you actually pass the CMMC audit?

Are you a Federal Contractor that needs to pass the CMMC Audit to keep your Federal Contract, but don’t even know where to begin? You're not alone... S3 ARMSEC is here to guide you through the process.


Committed to excellence in cybersecurity

Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB)


The CMMC-AB establishes and oversees a qualified, trained, and high-fidelity community of assessors that can deliver consistent and informative assessments to participating organizations against a defined set of controls/best practices within the Cybersecurity Maturity Model Certification (CMMC) Program.

The CMMC Model itself is created and managed by the DoD. Official information is available at

c3pao badge.jpg

Let's talk

We would love to hear from you!