Cybersecurity Maturity Model Certification (CMMC)

Dopkins is a CMMC Registered Provider Organization (RPO) for companies doing business with the United States Department of Defense (DoD).

CMMC Overview

The Cybersecurity Maturity Model Certification (CMMC) was developed by the United States Department of Defense (DoD) and went into effect November 30, 2020. It is meant to protect against the theft of intellectual property and sensitive information within the Defense Industrial Base (DIB). CMMC will be implemented using a phased rollout between 2021 and 2026, with all contractors within the DIB needing to be certified by 2026 at the latest. CMMC is based on, and replaces the previous requirements of, DFARS and NIST 800-171. Previously, there was a list of 110 requirements that contractors would self-report compliance with. Now contractors will need to be certified at the required CMMC level before receiving contracts from the DoD.




Maturity

CMMC assesses practices, which are specific steps or procedures that an organization should be performing within each domain to protect itself from common threats, and processes, which are the policies and documentation that help determine how consistently the practices will be applied or performed. Practices and processes are assessed at five different levels that represent progressively more mature and robust security practices and processes.

CMMC Levels

Level 1 – Safeguard Federal Contract Information (FCI)

  • Processes are performed
  • Practices are considered “Basic Cyber Hygiene”

Level 2 – Transition to Level 3

  • Processes are documented
  • Practices are considered “Intermediate Cyber Hygiene”

Level 3 – Protect Controlled Unclassified Information (CUI)

  • Processes are managed
  • Practices are considered “Good Cyber Hygiene”

Level 4 – Additional protection of CUI and reduce risk of Advanced Persistent Threats (APTs)

  • Processes are reviewed
  • Practices are considered “Proactive”

Level 5 – Additional protection of CUI and reduce risk of Advanced Persistent Threats (APTs)

  • Processes are optimized
  • Practices are considered “Proactive/Advanced”




Our assessment process:

  • Through interviews and observations, we mutually review the practices contained in your target level.
  • For each practice we will ascertain whether the practice is currently being performed or not, and how it is being performed.
  • We provide guidance on best practices and options to accomplish currently unperformed or incomplete practices.
  • We mutually review the maturity of processes contained in your target level including documentation, policies, and planning.

Delivering recommendations:

Upon completion of the assessment, the client will have a list of CMMC practice gaps and recommendations.  Process maturity will be identified for each practice in your target level.  Each practice that requires additional documentation, policies, or planning will be reported.

We then suggest an action plan that offers a realistic approach to reaching your target level.  New security practices can be overwhelming.  Our action plan structures implementation timing and shared responsibilities to create a sustainable security culture.

Our remediation assistance services include:

  • Risk Assessments
  • User training and testing
  • Identifying and implementing technical controls
  • Assistance with documentation development
  • Creating policies
  • Incident response plans

For more information, please contact Patrick Rost, CMMC-AB RP, at prost@dopkins.com.

 
