Frequently Asked Questions2024-06-06T21:07:09+00:00


We’re here to help! Below you’ll find answers to the questions we get asked the most about our CMMC assessment and certification process.

Have another question? Ask us today!

Frequently Asked Questions

Can we obtain a cost estimate for a CMMC assessment?2024-06-05T22:54:22+00:00

DTC’s primary mission in the CMMC space is to mature the cybersecurity posture of the Defense Industrial Base (DIB). While there are multiple C3PAOs in the ecosystem, some are focused on single transaction sales. We want to partner with DIB companies over the long haul. Our view is that the cost of any assessment is directly related to the organization’s readiness as well as the size of the organization and scope of the enclave being assessed. Without reviewing an organization’s System Security Plan, Network Architecture diagram, Data Flow and/or CUI Flow diagrams, estimates are baseless. DTC will only provide estimates after conducting thorough due diligence to ensure your organization is truly ready for an assessment.

Is CMMC only applicable to Department of Defense Contracts?2024-06-06T13:10:56+00:00

Yes and No! The Federal CUI Rule (32 CFR Part 2002) is also undergoing the rulemaking process and it will apply protection requirements for ALL federal contracts will be required to safeguard Controlled Unclassified Information. The framework for compliance with the FAR CUI rule is the same NIST 800-171/172 requirements that the DoD’s CMMC program will use.

What can I expect during an assessment?2024-06-06T13:11:14+00:00

During a CMMC assessment, a Certified Assessment team will review your organization’s cybersecurity practices and processes against the specific CMMC level requirements applicable to your contract. The assessment will involve examining documentation, interviewing personnel, and observing system implementations to ensure the required cybersecurity controls are in place and effective. The assessor will also verify that cybersecurity processes are institutionalized, meaning they are consistently followed and maintained across the organization.

How do I know what CMMC level is required for my organization?2024-06-06T13:11:36+00:00

The required CMMC level will be specified in the solicitation or contract documents. It is determined by the type of information your organization handles or processes and the associated risk. You can also consult with the contracting officer or the requiring activity for clarification. (Ref DFARS Section 204.7501)

How long is a CMMC certification valid?2024-06-06T13:12:33+00:00

A CMMC certification will be valid for three years. Contractors must maintain a current certificate at the required level throughout the life of the contract and for any option periods or extensions. (Ref DFARS 204.7501)

What happens if my organization fails the CMMC assessment?2024-06-06T13:13:05+00:00

If your organization does not pass the CMMC assessment, you will receive a list of deficiencies that need to be addressed. You will have to implement corrective actions and may need to undergo a re-assessment to obtain certification before you can be awarded DoD contracts that require CMMC. (Ref DFARS 252.204-7021 Cybersecurity Maturity Model Certification Requirements)

Can I perform a self-assessment for CMMC?2024-06-06T13:13:28+00:00

While organizations can perform self-assessments to prepare for the official CMMC assessment, the actual certification must be conducted by a CMMC Third Party Assessment Organization (C3PAO) or a Certified Assessor. (Ref DFARS 252.204 7021)

Are subcontractors also required to be CMMC certified?2024-06-06T13:13:47+00:00

Yes, prime contractors must ensure that their subcontractors have the appropriate level of CMMC certification based on the type of information that will be shared with or handled by the subcontractor. The prime contractor is responsible for flowing down the CMMC requirements to all subcontractors. (Ref DFARS 252.204 7021)

Our expertise enables our customers to continue their mission in seamless fashion, with the knowledge that we are certified experts in the field.

Go to Top