Harness the potential of Generative AI and workflow automation to effortlessly navigate the complexities of CMMC, seamlessly identifying and bridging gaps while ensuring meticulous audit preparation for certification and sustained compliance.

CMMC levels and complexity.

CMMC L-1 DIY

CMMC L-2 GAP

CMMC L-2 CERT

CMMC Update

Cybersecurity Maturity Model Certification (CMMC) is a framework developed by the U.S. Department of Defense (DoD) to enhance the cybersecurity posture of defense contractors and subcontractors. It is designed to protect sensitive information from cyber threats, including Controlled Unclassified Information (CUI) and Federal Contract Information (FCI).

The CMMC proposed rule went into effect on December 26th, 2023. On February 26th, 2024, the 60-day public comment period ended, and the DoD began the final review and publication process. From this time until Q1 2025, at any time, the DoD can implement an interim or final rule publication. The defense contractors that are CMMC compliant when this drops will retain their contracts.

Please click below to view the Department of Defense Cybersecurity Information video
(February 7, 2024 40:40 min)

SMPL CMMC™

L-1 Self Attestation

Streamline your compliance journey using AI-assisted benchmarking and modeling features to obtain a Level 1 baseline SPRS score for annual self-attestation and affirmation.

SMPL CMMC™

L-2 Gap Assessment

Quickly assess a complex maze of Level 2 security gaps using an AI-guided process that assists with your SSP, POA&M, and SPRS score for annual attestations and affirmations.

SMPL CMMC™

L-2 Certification Assistant

Simplify your audit preparation with our efficient, C3PAO-ready evidence collection processes. Leveraging predictive analytics to confidently gauge the success of your organization’s readiness for Level 2 certification and ongoing annual affirmation.

Must complete L-2 Gap Assessment first.

Do you know if you are CMMC L1 or L2 compliant?

Find out. Give us your information and download our chart now.

CMMC Level 3 Certification

(Through DIBCAC)

CMMC Level 3 Certification requires a CMMC Level 2 Final Certification Assessment and compliance with the additional security requirements to defense contractors required by existing acquisition regulations set forth in 32 CFR 170.18 to protect CUI. This level provides enhanced security requirements for protecting against Advanced Persistent Threats (APTs).

Level 3 Certification requires DCMA Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) to validate the implementation of the DoD-defined selected security requirements as outlined in NIST SP 800-172. A CMMC Level 2 Final Certification is a prerequisite to schedule a DIBCAC assessment for CMMC Level 3. DIBCAC will upload the CMMC Level 3 results into eMASS, which will feed information into SPRS making the defense contractors eligible for DoD contract awards for three years.

Level 3 Certification also requires an accountable executive within the defense contractor’s organization to submit an initial affirmation of compliance, a POA&M closeout affirmation if necessary, and, annually after that, an affirmation of continued compliance outlined in 32 CFR 170.22.

SMPL-C does not offer a Level 3 Product at this time.

You must complete a CMMC Level 2 Certification before scheduling a DIBCAC Assessment for CMMC Level 3.

How Can

We Help?