CMMC - CPCSC Level 1 & Level 2
for Defense Contractors &
Sub-Contractors
The Cybersecurity Maturity Model Certification (CMMC) is a U.S. Department of Defense (DoD) program designed to ensure contractors and subcontractors protect sensitive information, specifically Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). The Canadian Program for Cybersecurity Certification (CPCSC) is similar in scope and timelines to CMMC for Canadian contractors and sub-contractors.
CyberCare Pro supports contractors and sub-contractors on their journey to become CMMC 2.0 and/or CPCSC 2.0 assessment-ready.
How it Works
The Cybersecurity Maturity Model Certification (CMMC) is a U.S. Department of Defense (DoD) program designed to ensure contractors and subcontractors protect sensitive information, specifically Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). The Canadian Program for Cybersecurity Certification (CPCSC) is similar in scope and timelines for Canadian contractors and sub-contractors.
​
Effective as of December 16, 2024, with mandatory implementation set for October 1, 2026, CMMC 2.0 simplifies the original model to three levels: Level 1 (Foundational), Level 2 (Advanced), and Level 3 (Expert). For small organizations dealing with the Department of Defense or Federal agencies, the focus is typically on Levels 1 and 2, given their size and resource constraints.
CMMC Level 1 focuses on basic cyber hygiene, protecting FCI, requiring annual self-assessment and affirmation. Level 2, necessary for handling CUI, implements all 110 NIST SP 800-171 controls, involves a third-party assessment by a Certified Third-Party Assessment Organization (C3PAO) every three years, and allows a Plan of Action and Milestones (POA&M) for partial compliance at assessment.
The CyberCare Pro Approach
Focus on cost-effective, business-friendly implementations to get you ready for the CMMC and CPCSC Level 2 Assessment.
​
CMMC/CPCSC Level 1 – 60 Days:
-
Conduct a gap assessment to ensure all 15 FAR controls are met using existing technologies.
-
Use free or built-in tools (e.g., Windows Defender, BitLocker) to minimize costs.
-
Document compliance in a simple System Security Plan (SSP) and perform annual self-assessments.
​
CMMC Level 2 – Assessment Ready in 6-12 months:
-
CyberCare Pro to perform a gap assessment against NIST SP 800-171
-
Invest in advanced technologies like MFA, SIEM, and EDR to meet the 110 controls required
-
Develop a comprehensive System Security Plan (SSP) and consider cloud solutions with FedRAMP Moderate compliance
-
Schedule a C3PAO assessment early due to limited availability (fewer than 80 C3PAOs for over 80,000 organizations).
CyberCare Pro Total Care
-
Expert vCISO consultants
-
Seamless implementation of managed technology solutions to ensure compliance
-
Access to risk management platform for visibility and accountability
-
Cost-effective project or monthly options
-
Cyber Warranty of up to $50,000 to ensure you are protected against cyber incidents
-
Assistance with financing and grants as applicable
Program Roadmap
-
Define Objectives and Scope
-
Conduct Gap Assessment
-
Develop a System Security Plan (SSP)
-
Create a Plan of Action and Milestones (POA&M)
-
Secure Leadership Buy-In
Phase 1: Planning and Preparation
-
Select a C3PAO
-
Pre-Assessment Review
-
Gather Evidence
​
​
​
​
​
​
​
Phase 3: Assessment Preparation
-
Remediate Gaps
-
Train Personnel
-
Establish Governance and Documentation
-
Conduct Internal Testing
Phase 2: Implementation
-
Undergo C3PAO Assessment
-
Receive Assessment Results
​
​
​
​
​
​
​
Phase 4: CMMC Assessment
-
Maintain Compliance with Continuous monitoring
-
Prepare for Recertification every 3 years
​
​
​
​
Phase 5: Maintenance and Continuous Monitoring
Financing Options
CyberCare Pro offers access to a number of monthly payment plan and grant options to support you.
Learn more about grant and financing opportunities when you book a call with an Advisor
Contact Us To Apply