Welcome to the Academy's CMMC 1.02 Site!

DOD has now released CMMC v1.02. What does CMMC mean for defense suppliers?

Beginning in 2020 selected RFIs and RFPs will include CMMC requirements. This means if your company wants to win those selected DOD contracts you will have to be CMMC compliant at the time of contract award.

CMMC Assessors and Assessments: Unlike previous compliance programs where you could self-certify your compliance, there will be an army of CMMC assessors that will act as a third party to review, inspect and certify that you are compliant - starting this summer! That means the time to get ready for those assessments is now.

How can the CMMC Academy help out? We will provide both general background and update information about CMMC as well as information on the specific practices your company may need to comply with. This CMMC 1.02 practice-oriented area will include:

• CMMC Reference Guide - An easy way to review which of the 171 practices apply to them
• CMMC Research -  A way for you to indicate which areas of CMMC are difficult to understand
• CMMC Augmentation - The Academy will work to provide further insights about CMMC practices - via assessment and implementation notes, panel discussions, videos, Q&A, and more.



View the Webcast:

DOD CMMC Summary

The goal of the DOD CMMC initiative is to prevent sensitive data from being stolen by  adversaries  from the 300,000 DOD contractors and subcontractors. The two key types of information DOD wants to protect  are Controlled  but Unclassified Information ("CUI") and Federal Contract Information ("FCI"). 

The main concerns of DOD include a) theft and use of this information against the national security interests of the United States and b) theft of intellectual property that results in an estimated $600 billion loss to the U.S. economy.

The Bottom Line: Five Key Takeaways You Should Know

1. Impact on my company: Going forward, companies desiring to win defense contracts (based on RFIs and RFPs) will need to comply with new cybersecurity standards based on CMMC. 
2. Assessments (audits): Unlike in past compliance programs, defense suppliers will no longer be able to "self-certify" or simply declare their compliance; they will be reviewed by reviewed and approved by assessors and third-party assessment companies called C3PAO (CMMC Third Party Assessment Organizations).
3. Schedule: RFIs and RFPs will begin to include CMMC criteria in June and September of 2020. 
4. Rollout in 2020: DOD estimates there will be about 10 contracts issued in 2020, each of which could impact 150 suppliers. That's a total of 1,500 suppliers impacted by CMMC in the fall of 2020. More suppliers will be impacted beyond that. 
5. Your suppliers: In many cases, it may not be sufficient for your own company to be CMMC certified. If your company needs to use suppliers, those companies may also need to be CMMC certified. You should encourage, and perhaps facilitate, their compliance.

Learn more about CMMC here. 

CMMC Academy Events

Latest Video: CMMC 2022 Spring update

The ever-evolving roll out of CMMC 2.0 may have you wondering if your understanding of the 2.0 program is up to date. To level set you on the 2.0 program and requirements, practices and processes, please watch the video displayed below. Celerium’s Chief Operations Officer, Chris Gundel, provides what you need to know, and do, to enable your company to do business with the DoD.

CMMC Reference Guide

Presented by

CMMC Academy Sponsors 

international alliance members

Sponsored by Celerium

CMMC Insights: Training on Implementation by Implementers

These online-only courses provide CMMC training to companies looking to comply with CMMC. The courses are created by an experienced team of cybersecurity implementers with years of experience on NIST standards. 

Implementing CMMC will be different for every company. And with the U.S. government doubling down on cybersecurity, it's important to get it right. So where is the best place to start? 

Our CMMC Insights courses were created to help companies looking to comply with CMMC understand how to implement the practices. Our team has years of experience implementing NIST 800-53. 

CMMC Level 1 Course

CMMC Level 2 Course

One-year access to the learning portal is provided, and we will provide updates on changes to CMMC as clarity is provided on items such as reciprocity. Don't wait -- get started on your CMMC assessment preparation now.