Cybersecurity Maturity Model Certification (CMMC)

Are you CMMC Ready?

Schedule a Gap Assessment

Click Here

Learn About CMMC

CMMC Model and Assessment Guides

Click Here

The Tennessee Procurement Technical Assistance Center and the Tennessee Manufacturing Extension Partnership are joining forces to provide resources to manufacturers that need help interpreting, implementing, and complying to government mandated Cybersecurity standards – specifically the Cybersecurity Maturity Model Certification (CMMC 2.0).

Deliberate collaboration between TPTAC and TMEP will result in more Tennessee manufactures able to compete for government contracts, thereby expanding the government’s industrial base and improving Tennessee manufacturing’s productivity, economic competitiveness, and technological capabilities.

On November 4, 2021, the U.S. Department of Defense (DoD) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) announced Version 2.0 of the highly publicized Cybersecurity Maturity Model Certification (CMMC). This updated version seeks to simplify the model and reduce compliance costs by streamlining the program and scaling back the requirement that all defense contractors obtain third-party certification of their cybersecurity capabilities. The CMMC 2.0 program structure and requirements are designed to more easily achieve the primary goals of the internal review:

  • Safeguard sensitive information to enable and protect the warfighter
  • Dynamically enhance DIB cybersecurity to meet evolving threats
  • Ensure accountability while minimizing barriers to compliance with DoD requirements
  • Contribute towards instilling a collaborative culture of cybersecurity and cyber resilience
  • Maintain public trust through high professional and ethical standards


Contact us to schedule a CMMC Gap Assessment.


CMMC 2.0 streamlined the number of maturity levels from five to three, and removed CMMC-unique practices and maturity. The three new maturity levels are aligned with existing standards as follows:

  • CMMC 2.0 Level 1 is aligned with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems
  • CMMC 2.0 Level 2 is aligned with NIST SP 800-171 (and also requires compliance with FAR 52.204-21)
  • CMMC 2.0 Level 3 is aligned with NIST SP 800-172 (and also requires compliance with FAR 52.204-21 and NIST SP 800-171)

The Cybersecurity Maturity Model Certification is a model for validating SMMs that have taken the necessary measures to protect their CUI per federal requirements. Validation is essential in meeting obligations of each specific contract. The primary purpose of the CMMC gap assessment is to help determine your present level of conformance to NIST 800-171 and CMMC. A CMMC gap analysis enables you to understand which controls you need to adopt, expand, or adjust to meet the required CMMC compliance level.

  1. Complete a full audit and review of all existing policies, plans, documents, resources, etc.
  2. Compare your current assessments, projects, implementations, tests, interviews, and security controls with those required for your CMMC level.
  3. Develop a report on your current CMMC implementation status, including documentation of any gaps and recommendations to achieve compliance.
  4. Provide technical assistance to implement/update security plans, POA&M, and cybersecurity policies and procedures.

Latest CMMC News

DoD Mandatory Controlled Unclassified Information (CUI) Training

Procurement Technical Assistance Center

Government Contracting

Tennessee Manufacturing Extension Partnership

Manufacturing Excellence