Proudly serving Virginia, Maryland and DC // Call us today! 703.396.6120
V2 SystemsV2 Systems
CMMC Is Complex, But You Need It If You Want to Do Business.

by Erik Briceno

You have probably heard about Cybersecurity Maturity Model Certification lately, especially while looking for work in the Federal system. In a previous article, we talked a little about a new set of standards to meet in addition to NIST. As we mentioned, Cybersecurity Maturity Model Certification, or CMMC, is basically an extension of NIST 800-171. Today we’re going to go into a little more detail on what’s involved in meeting CMMC compliance and how V2 Systems can help you achieve certification.

CMMC Is a DoD Requirement

As we mentioned before, if you plan on doing any business at all with the Department of Defense, you need CMMC certification. The CMMC is the DoD’s next step to ensure and enhance the scope of cybersecurity for national security data and networks following the Defense Federal Acquisition Regulation Supplement (DFARS) issued in 2016. This scope covers a total of 17 areas of importance:

  1. Access Control
  2. Asset Management
  3. Audit and Accountability
  4. Awareness and Training
  5. Configuration Management
  6. Identification and Authentication
  7. Incident Response
  8. Maintenance
  9. Media Protection
  10. Personnel Security
  11. Physical Security
  12. Recovery
  13. Risk Management
  14. Security Assessment
  15. Situational Awareness
  16. Systems and Communications Protection
  17. System and Information Integrity

These 17 points comprise five “levels” that make up your entire security rating, ranging from basic habits to advanced security operations.

If that sounds like a lot, that’s because it is. And what’s more, there is no “self-certification” when it comes to CMMC, like there is with NIST 800-171. Your organization will coordinate directly with an accredited and independent third-party commercial certification organization to request and schedule a CMMC assessment.

Here’s How You Can Prepare for a CMMC Assessment

CMMC Is Complex, But You Need It If You Want to Do Business.The best thing an organization can do to prepare for a CMMC assessment is to first create what NIST refers to as a System Security Plan, or SSP. An SSP basically outlines your entire security structure. NIST has provided an SSP template which can be found here. Once your SSP is fully outlined, it’s time to start identifying weak spots and – most importantly — lay out how you plan to correct them. These are known as Plan of Action and Milestones (POAM) and will link directly back to each area covered in CMMC.

All of this may seem like a lot, but it’s completely necessary. Anyone who does not meet the requirements for CMMC will not be able to do business with the Department of Defense in any way — and that’s a huge deal for many. Contact us today at 703-396-6120, and we’ll help you through a plan of action to meet these complex requirements. The less you have to worry about it, the more time you can spend focusing on what matters most to you and your organization.


Since 1995, Manassas Park, VA-based V2 Systems has employed local systems administrators, network engineers, security consultants, help desk technicians and partnering companies to meet a wide range of clients’ IT needs, from research, to implementation, to maintenance. Concentrate on your VISION…We’ll handle the TECHNOLOGY!

About ebriceno
Erik Briceño is the owner of V2 Systems, Inc., one of Northern Virginia’s leading Information Technology Managed Service Providers. He is an inspiring leader for its employees and instrumental business partner for its customers. He is passionate about V2’s purpose, dedicated to exceeding expectations and a consummate professional not afraid of jumping in and getting his hands dirty. Prior to joining V2 Systems in 2002, Erik was a co-founder and COO of, a leading provider of online resources servicing over 5,000 independent musical artists. At, Erik spearheaded all aspects of corporate development, funding, strategic vision, and business development for the firm. From 1997 to 1999 Erik held the position of Acoustic Systems Engineer for Electric Boat Corporation, a leading defense contractor. In this role, Erik was responsible for the acoustic fidelity of two noise critical systems and components in the US Navy’s nuclear submarine systems. Erik holds a B.S. in Mechanical Engineering from Vanderbilt University and a Masters of Business Administration from George Mason University. When not working, you will find Erik a dedicated family man, raising two young children with his lovely wife Karen. Together, they enjoy building legos, playing baseball, skiing, riding horses, swimming, traveling, and fixing up old Mopars.
CMMC Is Complex, But You Need It If You Want to Do Business.
CMMC Is Complex, But You Need It If You Want to Do Business