CMMC Certification

Preparing Your Company for Department of Defense Supply Chain Requirements

CMMC-AB Registered Provider Organization™ Logo

Earn the CMMC Certification You Need to Win DoD Contracts

Pratum is a CMMC-AB Registered Provider Organization™. Our experienced cybersecurity consultants guide organizations through the Department of Defense’s (DoD) new Cybersecurity Maturity Model Certification. If the DoD is ultimately your customer, you should start working now on your CMMC certification.

Since CMMC’s launch in 2020, Pratum has been on the front edge of preparing clients to reach their CMMC goals. We are already working with firms on their readiness plans. Our deep experience with governing organizations means our consultants know the right questions to ask decision makers about your specific situation, preparing you to meet your requirements by the deadline.

Pratum’s work with the Federal Information Systems Management Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP) and more positions us to help companies pursue CMMC certification as soon as the standards are finalized.

We Are CMMC Experts

How CMMC Works

In 2020, the DoD began moving toward requiring CMMC compliance for every vendor in its supply chain—300,000 companies when the process is complete. So whether your firm delivers completed fighter jets to the Pentagon or builds an electronic control inside those jets, your future contracts depend on meeting CMMC requirements in the near future.

Protecting your opportunity for contracts with the DoD means understanding exactly which CMMC requirements apply to you. Pratum’s consultants will help you identify the standards you need to meet, including whether you fall into the group that requires third-party certification of your security protocols.

Where to Start

  • If you are at a CMMC level that requires assessment, allow yourself 6 months to complete CMMC certification.
  • Pursue NIST 800-171 standards to prepare for CMMC.
  • Engage a CMMC-AB registered provider organization for guidance and prep.

For details on CMMC 2.0, see our blog article "10 Questions with a CMMC Registered Practitioner".

Finding the Right CMMC Level

Pratum will help identify the CMMC Level your work requires. While the original CMMC release included five levels, CMMC 2.0 now includes three levels.

CMMC 2.0 Levels vs. CMMC original Levels comparison

Level 1


This level will apply to most companies in the Defense Industrial Base (DIB) and requires compliance with 17 basic cyber hygiene practices. Companies at this level can provide an annual self-attestation regarding their compliance.

Level 2


This level applies to companies that handle Controlled Unclassified Information (CUI). At this level, companies must comply with the requires of NIST SP 800-171, which is already required of most companies handling CUI. Some companies at this level will be required to pursue a third-party certification of their security program based on whether they are engaged in what the DoD labels a “prioritized acquisition.”

Level 3


Details have not yet been released for this level, which will apply to companies handling the most sensitive information from the DoD.

CMMC 2.0 will allow companies to include Plans of Action and Milestone (POA&Ms) that let them move forward with contracts while still working to complete parts of their cybersecurity plan. Pratum will help you implement a plan that lets you get to work on the new contract while continuing to update your policies.

CMMC Additional Resources

10 Questions with a CMMC Registered Practitioner
The Defense Department recently pumped the brakes on the rollout of its much-discussed CMMC cybersecurity standard—and made significant changes that should greatly simplify compliance for private companies.
Read More
What New Cybersecurity Laws Mean for You
The government keeps making it harder for business leaders to kick the cybersecurity can any further down the road. Another round of new cybersecurity laws affecting the insurance industry, for example, continues the trend of state and federal bodies giving businesses not-so-gentle pushes to get their data policies in order. Read More
Securing Your Supply Chain
The traditional term “supply chain” hardly captures how modern companies—even small ones—interact with customers and suppliers. “Supply ecosystem” more accurately describes how sensitive information flows in all directions in supply chains among companies that depend heavily on each other in daily operations.
Read More

Interested in CMMC Compliance?

Request a complimentary quote today.

The information we track while users are on our websites helps us analyze site traffic, optimize site performance, improve our services, and identify new products and services of interest to our users. To learn more please see our Privacy Policy.