PT-Cybersecurity Maturity Model Certification (CMMC)
"Unfortunately, the Department has learned that some third-party entities have made public representations of being able to provide CMMC certifications to enable contracting with DoD. The requirements for becoming a CMMC third-party assessment organization (C3PAO) have not yet been finalized, so it is disappointing that some are trying to mislead our valued business partners. To be clear, there are no third-party entities at this time who are capable of providing a CMMC certification that will be accepted by the Department. At this time, only training materials or presentations provided by the Department will reflect our official position with respect to the CMMC program. I have also reached out to the presidents of the PSC, AIA and NDIA industry associations to make them aware as well, and they remain connected with my CMMC team.
-Under Secretary of Defense Ellen Lord statement on misleading cybersecurity certification information
-Statement from Under Secretary of Defense Ellen Lord:
WHAT PROPELLED TECHNOLOGIES DOES IS OFFER YOU ΟUR CYBERSECURITY CERTIFIED SUBJECT MATTER EXPERT CONSULTING!
Heard of CMMC but not sure it applies to you? Not sure what is required or if you can afford it? Let the PT experts get you ready.
PT helps DoD contractors prepare for their CMMC assessments quickly and affordably.
Explore our site by using the navigation tool below:
Does CMMC Apply to Me?
The Reason for CMMC
The 5 CMMC Levels
How Do I Become Certified?
What PT Provides
Does CMMC apply to me?
“All companies conducting business with the DoD must be certified.”
– Quote from OUSD(A&S)
Starting in June 2020, all new Department of Defense contracts will require contractors – including subcontractors – to have a Cybersecurity Maturity Model Certification (CMMC).
All companies, no matter how small or what service they provide, will have to be assessed and certified before they can submit a proposal according to the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)).
The reason for CMMC
Security is no longer optional and no longer confined to IT – every business is affected.
Average cost of a data breach for small to medium-sized businesses is $149k
Malicious cyber activity cost the US Economy between $57 and $109 Billion in 2016
Small Businesses severely underestimate the damage a cyber-attack can impose
Costs of a breach can include damages, data retrieval, system repairs/upgrades, lost business, public relations/damage control, potential lawsuits, lost customers/trust
43% of businesses say they have no confidence in their cyber resilience
Small Businesses Association (SBA) estimates 43% of cyber incidents are targeted at Small Businesses
Cost of a data breach has risen 12% over the past 5 years; cost of incidents can continue for several years after the initial breach
Why many Small Businesses put no effort into cybersecurity – and why they should.
“I don’t have any important data.” — At a minimum, companies have employee data (PII) or proprietary data.
“A hacker wouldn’t target me.” — While the risk from a hacker may be low, it’s not zero – especially if you’re doing business with the government. Natural disasters, disgruntled employees, and human error can also affect any company.
The Cybersecurity Maturity Model aims to significantly enhance the cybersecurity and resiliency of its contractor network, creating a single cybersecurity standard for companies to meet. It ensures an appropriate level of cyber hygiene, resilience from threat actors, and resistance to information ex-filtration for a given contract.
The 5 CMMC Levels
Cybersecurity is holistic. It involves much more than just securing servers and data. It also includes risk management, incident response, physical security, employee awareness training, and more.
The DoD’s new Cybersecurity Maturity Model builds upon existing NIST 800-171 and DFARS 252.204-7012 regulations and adds a certification component. It combines several cyber security standards and best practices to create a family of controls based on a required level of cybersecurity maturity.
The CMMC defines five cybersecurity hygiene levels.
How Do I Become Certified?
ASSESSMENT AND CERTIFICATION
· Your company will determine the level of CMMC required for your contracts
· Your company will request and schedule your own assessment
· A certified independent third party will conduct audits of your CMMC level
· Your company will be awarded a level of certification by demonstrating the appropriate cybersecurity maturity to the assessors
· There will be no self-certification
· There will be no Plan of Actions and Milestones (POA&M)
· The CMMC Cost will scale with the level of certification required
· The cost of certification will be considered an allowable, reimbursable cost as part of the contract and will not be prohibitive
· The goal is for CMMC to be cost effective and affordable for Small Businesses
What PT Provides
PT brings over 20 years of DoD cybersecurity expertise, in addition to experience helping local Montgomery Airport acessess its cybersecuritys based on NIST 800-171. The PT experts are up-to-date on the latest CMMC news by using the site above and encourage you to as well
The site again is
Many consulting companies charge over $1M and take months to get you ready for an assessment! But most Small Businesses don’t have that kind of money – or the time. And they don’t have the expertise or manpower to do it themselves.
PT is different.
We’ll get you ready for a CMMC assessor at any CMMC level required!
We provide certification consulting for an affordable cost in a short amount of time. We provide customized assistance based on your individual company needs. Services include:
EVALUATION OF CMMC LEVEL NEEDED
TEMPLATES FOR ALL REQUIRED DOCUMENTATION
POLICY “BOOTCAMPS” TO HELP YOU CUSTOMIZE THE POLICIES, COMPLETE WITH EXAMPLES AND RECOMMENDED MEASURES
ASSISTANCE REQUESTING AND SCHEDULING YOUR ASSESSMENT
REAL-TIME DOCUMENTATION UPDATES
ON-SITE HARDWARE AND SOFTWARE INSTALLATIONS AND CONFIGURATIONS
ANNUAL EMPLOYEE CYBER SECURITY AWARENESS TRAINING
ON-SITE RAPID COMPLIANCE SUPPORT
Every company is different. Your cybersecurity should match your business.
PT provides customized CMMC support. We can help you prepare for your assessment and certification whether you’re familiar with CMMC or not.
Email us for more information or to talk about your company’s specific needs.
Read more about CMMC from the source at
There is no reason to wait! CMMC is here!