Cybersecurity Maturity Model Certification (CMMC) Conformity Assessments

Peak InfoSec is an Authorized CMMC 3rd Party Assessment Organization (C3PAO)

Conformity Assessments

As a C3PAO, Peak InfoSec can conduct the following types of Conformity Assessments of your organization:

Formal Conformity Assessments for Certification

In a formal Conformity Assessment, Peak InfoSec will conduct a certification-driven event to certify your organization as being CMMC 2.0 Level 2 compliant.

In this type of event, Peak InfoSec will follow the CMMC Assessment Procedure (CAP) and related guidance to conduct your assessment.

The results of your assessment will be submitted to the Department of Defense (DoD). DoD will then update your Supplier Performance Risk System (SPRS) score with our results.

Mock Conformity Assessments

In a Mock Conformity Assessment, Peak InfoSec will conduct a dry-run assessment of your organization using the CAP. Key note: A Mock Conformity Assessment will not provide any recommendations for identified gaps.

Mock Conformity Assessments can benefit your organization by:

    • Reducing the risk of the Formal Conformity Assessment failing
    • Identifying gaps due to internal blind spots and biases

Choosing your C3PAO

Prior to beginning your Conformity Assessment, your organization will need to pick a C3PAO from the CMMC-AB Marketplace.

While a C3PAO cannot consult with your firm prior to and after conducting your Conformity Assessment, the C3PAO is a key team member for getting your organization ready for a Conformity Assessment by:

  • Keeping your organization up-to-date on changes required to complete the Conformity Assessment
  • Supporting your organization to determine what is in your Certification & Assessment Boundaries
  • Supporting your team if they have questions interpreting the CMMC Assessment Guide Security Requirements and Assessment Objectives

Interested in having Peak InfoSec as your C3PAO?

If you are interested in having us conduct your Conformity Assessment, the first step is to complete the web form below.

Very shortly after you contact us, we will:

  1. Contact you to schedule a meeting to understand your Conformity Assessment needs & timing
  2. Provide a pro-bono training session on how to get ready for a Conformity Assessment. Regardless of whether you pick Peak InfoSec as your C3PAO, this training will help you on your path
  3. Send you a questionnaire in order to size the effort to complete your Conformity Assessment
  4. Create a Conformity Assessment proposal and, if everyone agrees, place you on our schedule
