Are your DoD contracts at risk?

If you’re not CMMC certified, you won’t be able to do business with the Department of Defense.


What You Need to Know

About CMMC

The Cybersecurity Maturity Model Certification program establishes a set of standards that over 300,000 organizations must meet to be eligible to bid on or renew contracts with the U.S. Department of Defense (DoD).

On September 29, 2020, the Department of Defense published the interim rule implementing the Cybersecurity Maturity Model Certification (CMMC) under DFARS Case 2019-D041, Assessing Contractor Compliance with Cybersecurity Requirements, effective November 30, 2020. Full implementation into all new Department of Defense contracts will be phased in over the next 4 years and will require:

  • A self-assessment, reviewing implementation of 110 cybersecurity controls defined in NIST SP 800-171.
  • A System Security Plan (SSP) that provides the details of the environment and implementation of the controls.
  • A Plan of Action & Milestones (POAM) that defines which controls are not addressed and specific time frames and plans for implementation.

This interim rule amends DFARS subpart 204.73, Safeguarding Covered Defense Information and Cyber Incident Reporting, to implement the NIST SP 800-171 DoD Assessment Methodology. It directs contracting officers to verify in SPRS that an offeror has a current NIST SP 800-171 DoD Self Assessment score on record, prior to contract award.

The CMMC program will require certification for all contractors that currently do business, or want to do business, with the Department of Defense. If you are a DoD contractor, it is important to ensure your MSP is also compliant with the CMMC standards.

Businesses That Must Obtain CMMC Certification

Identify your desired Maturity Level to bid on DoD contracts (below) and then schedule a gap analysis with Back to Business I.T. If you are unsure of your required Maturity Level, we will help you identify it. Together, we will evaluate your current network against NIST SP 800-171 and CMMC requirements and identify evidence for auditors. Our consultants will help you develop your System Security Plan (SSP) and Plan-of-Action & Milestones (POAM). When the SSP and POAM requirements have been met, you will be ready to take the CMMC audit and receive your certification!

CMMC Maturity Levels and Focus

Deadline to Get CMMC Certified

Let Us Help You

Get CMMC Certified

Our Cybersecurity experts can perform a comprehensive gap analysis and determine your current SPRS score, as well as work with you on a plan to resolve any areas of non-compliance. As a full-service I.T. firm, we can also implement solutions to address gaps so you are both compliant and ready for CMMC certification.

Assess

We conduct a thorough gap analysis and compare your current network with the NIST SP 800-171 & CMMC requirements. This reveals areas to address for compliance.

Plan

We prepare a System Security Plan (SSP) and Plan-of-Action & Milestones (POAM) based on the analysis. This serves as documented evidence to show you're working toward compliance.

Implement

We help you implement the suggestions based on the POAM. The solutions can vary -- from something as simple as implementing multi-factor authentication to updating infrastructure.

Schedule Your Analysis

With One of Our Experts
