What is CMMC 2.0?

The Cybersecurity Maturity Model Certification (CMMC) will be required for the DoD’s Defense Industrial Base (DIB) contracts, products, services and supply chain to protect Controlled Unclassified Information (CUI). Certification will be required to work with the DoD. CMMC 2.0 has simplified the Maturity Levels from 5 to 3, depicted in the graphic below.

How do I get Certified?

The Cyber-AB is a non-profit, independent organization. Their primary mission is to authorize and accredit the CMMC Third-Party Assessment Organizations (C3PAOs) that conduct CMMC assessments of companies within the Defense Industrial Base (DIB). The Cyber-AB provides the requisite information and updates on its website.
The Cyber-AB has established the CMMC Marketplace including a list of authorized C3PAO’s and organizations in the CMMC Ecosystem. Cask is the 3rd Authorized C3PAO and has on staff Provisional Assessors, Provisional Instructors, and CCP’s (Certified CMMC Professionals). The voluntary assessment program has begun and the DoD plans to offer incentives to organizations who become CMMC Certified during this timeframe. Reach out now and let’s get started!

Why Choose Cask for your CMMC Certification?

Cask was the third Authorized C3PAO – passing the DIBCAC High Assessment June 2021

Cask is made up of Security Control Assessors/Validators for the DoD and has years of experience in Cyber and Risk Assessment including full program management of these programs. Cask has assessed and obtained certification for over 90 systems including assessing and obtaining certification for the first USMC Cloud based solution and PaaS and SaaS solutions. Cask has also been performing CMMC Gap Analyses and Pre-Assessments since June 2021.

Cask SME’s (Coopers) work as a team conducting Assessments, Pre-Assessments, and Gap Analysis to evaluate a company’s implementation of cybersecurity requirements, adherence to the level of compliance with the requirements of DFARS Clause 252.204-7012, Safeguarding Covered Defense Information, Cyber Incident Reporting, implementation of NIST SP 800-171r2 requirements, and DFARS Clause 252.204-7021 Cybersecurity Maturity Model Certification Requirements.

Subscribe to our CMMC Newsletter


    FCI (Federal Contract Information) vs. CUI (Controlled Unclassified Information)

     CMMC (Cybersecurity Maturity Model Certification) Assessments

    Methodology in Planning and Performance

    Cybersecurity Standards (NIST SP 800-171 and NIST SP 800-172)

    Joint Surveillance Voluntary (JSV) Assessment Program

    Joint Surveillance Voluntary Assessments

    Please contact Cask directly for more information regarding CMMC 2.0 Pre-Assessments, Gap Analysis, and or Formal Assessments.
    Give us a call at 540-498-0897 or email us at CMMC@caskgov.com.