CMMC Certification Made Simple

Harness the potential of Generative AI and workflow automation to effortlessly navigate the complexities of CMMC Level 1 or Level 2 Self-Attestation, while seamlessly bridging gaps and ensuring meticulous preparation for Level 2 Certification and sustained compliance.

CMMC levels and complexity.

CMMC Level 1 Self-Attestation

CMMC Level 1 Self-Attestation requires compliance with the basic safeguarding of 15 requirements to protect Federal Contract Information(FCI) set forth in FAR clause 52.204-21.

Every year, an accountable executive within the defense contractor organization will be required to submit a self-attestation of the company’s implementation of the 15 requirements outlined in 32 CFR 170.15 into the Supplier Performance Risk System (SPRS), an initial affirmation of compliance, and annually after that, an affirmation of continued compliance as outlined in 32 CFR 170-22, making the company eligible for DoD contract award.

L1 Self-Assessment Module

Streamline your CMMC Level 1 self-attestation compliance journey with SMPL-C’s user-friendly GenAI benchmarking and modeling module, enabling stress-free evidence collection and secure maintenance for annual SPRS score attestations and affirmations.

L1 Self-Assessment Module

Streamline your CMMC Level 1 self-attestation compliance journey with our user-friendly GenAI benchmarking and modeling module, enabling stress-free evidence collection and secure maintenance for annual SPRS score attestations and affirmations.

CMMC Level 2 Self-Attestation

CMMC Level 2 Self-Attestation requires compliance with the 110 security requirements outlined in 32 CFR 170.17 and NIST SP 800-171 Rev 2 to protect Controlled Unclassified Information (CUI).

Every year, an accountable executive within the defense contractor organization will be required to submit a self-attestation of the company’s implementation of the 110 requirements outlined in 32 CFR 170.16 into the Supplier Performance Risk System (SPRS), an initial affirmation of compliance, a POA&M closeout affirmation if necessary, and, annually after that, an affirmation of continued compliance as outlined in 32 CFR 170.22, making the company eligible for DoD contract award.

L2 Self-Assessment Module

Streamline your CMMC Level 2 self-attestation compliance journey with SMPL-C’s user-friendly GenAI benchmarking and gap identification module, enabling stress-free evidence collection and secure maintenance for annual SPRS score attestations and affirmations.

L2 Self-Assessment Module

Streamline your CMMC Level 2 self-attestation compliance journey with SMPL-C’s user-friendly GenAI benchmarking and gap identification module, enabling stress-free evidence collection and secure maintenance for annual SPRS score attestations and affirmations.

CMMC Level 2 Certification

CMMC Level 2 Certification requires compliance with the 110 security requirements outlined in 32 CFR 170.17 and NIST SP 800-171 Rev 2 to protect Controlled Unclassified Information (CUI).

Level 2 Certification requires an authorized or accredited CMMC Certified Third-Party Assessment Organization (C3PAO) to validate the implementation of the NIST SP 800-171 Rev 2 security requirements and upload the results into eMASS, which will feed the information into SPRS making the defense contractor eligible for DoD contract award for three years.

Level 2 Certification also requires an accountable executive within the defense contractor’s organization to submit an initial affirmation of compliance, a POA&M closeout affirmation if necessary, and, annually after that, an affirmation of continued compliance outlined in 32 CFR 170.22.

L2 Certification Prep Module

Simplify your audit preparation with our efficient C3PAO-ready evidence collection processes, while leveraging predictive analytics to confidently gauge your organization’s readiness for certification and ongoing annual affirmation success.

Must complete L2 Assessment Module first.

L2 Certification Prep Module

Simplify your audit preparation with our efficient C3PAO-ready evidence collection processes, while leveraging predictive analytics to confidently gauge your organization’s readiness for certification success.

Must complete L2 Assessment first.

CMMC Level 3 Certification (through DIBCAC)

CMMC Level 3 Certification requires a CMMC Level 2 Final Certification Assessment and compliance with the additional security requirements to defense contractors required by existing acquisition regulations set forth in 32 CFR 170.18 to protect CUI. This level provides enhanced security requirements for protecting against Advanced Persistent Threats (APTs).

Level 3 Certification requires DCMA Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) to validate the implementation of the DoD-defined selected security requirements as outlined in NIST SP 800-172. A CMMC Level 2 Final Certification is a prerequisite to schedule a DIBCAC assessment for CMMC Level 3. DIBCAC will upload the CMMC Level 3 results into eMASS, which will feed information into SPRS making the defense contractors eligible for DoD contract awards for three years.

Level 3 Certification also requires an accountable executive within the defense contractor’s organization to submit an initial affirmation of compliance, a POA&M closeout affirmation if necessary, and, annually after that, an affirmation of continued compliance outlined in 32 CFR 170.22.

SMPL-C does not offer a Level 3 Module at this time.

You must complete a CMMC Level 2 Certification before scheduling a DIBCAC Assessment for CMMC Level 3.