CMMI Institute


Accelerate Your Path to Cybersecurity Maturity Model Certification


The Department of Defense’s (DoD’s) Cybersecurity Maturity Model Certification (CMMC) is foundationally built, in part, on the CMMI model and methodology. ISACA is actively working with the DoD, the CMMC Accreditation Body (AB) and other stakeholder organizations to advance the success of the CMMC ecosystem and help improve the cybersecurity posture and resilience of the defense industrial base (DIB).


Are you overwhelmed on your path to CMMC?

The CMMC Defense Federal Acquisition Regulations (DFARS) requirement is now law and the government is starting to rollout contract requirements for CMMC in upcoming contracts. We can jump start your CMMC efforts with our gap analysis. 

Our three-step gap analysis program will simplify and accelerate your preparation. 
Contact us today to schedule!

  1. Facilitated Assessment

    A CMMC-trained Lead Assessor facilitates interactive review in a worskhop-like format, leveraging the CMMC spreadsheet characterization and tracking tool as an information-gathering framework with your team.

  2. Gap Analysis Roadmap

    We provide a visual roadmap to help you prioritize and systematically address CMMC gaps, based on 30+ years of similar best practice experience with CMMI.

  3. Customized Report

    We provide you with actionable results you can use to make your prioritized CMMC improvements. We note process strengths and weaknesses categorized by CMMC domains to target clear and sustainable improvement.

Let the Authority Help You - Bridge the Gap

CMMC is foundationally built, in part, on the CMMI model and methodology. ISACA is actively working with the DoD, the CMMC Accreditation Body (AB) and other stakeholder organizations like the Public Services Council for the success of the CMMC ecosystem. Our 3-step gap analysis program will simplify and accelerate your CMMC preparation by leveraging your existing CMMI investment and infrastructure.

CMMC is foundationally built, in part, on the CMMI model and methodology.

Our involvement with CMMC means we know exactly how to help you prepare.

Model-based process assessments, including assessment methods and operations, quality control and assurance

Our CMMC SMEs were members of the CMMC AB Working Group and helped author the CMMC Assessment Methodology and training. They are also CMMC Certified Provisional Assessors.

Cybersecurity training and certifications for individuals, organizations and instructors

We’ve developed performance-based cybersecurity training and certifications for individuals and organizations.

Cybersecurity and process auditing and improvement

We offer processes, tools, and best practices for auditing and assessing CMMC controls and continual performance improvement.

Maturity-based organizational accreditation

We provide maturity-based organizational accreditation and validation.

ISACA-CMMI Institute is deeply committed to improving the cybersecurity capabilities of our clients and partners, including the Defense Industrial Base (DIB).  We have been working with the Department of Defense (DoD) as a member of the initial Cybersecurity Maturity Model Certification (CMMC) Stakeholder Committee and we are grateful and honored to be able to continue to contribute to the establishment and ongoing success of the CMMC ecosystem. Going forward into 2020 and beyond, we will continue to work with the DoD, the CMMC Accreditation Body (AB) and other stakeholder organizations by leveraging our deep experience and capabilities in:


The DoD estimates that U.S. companies are losing over $600 billion USD each year in intellectual capital to competitors due to lack of any cybersecurity or awareness. Cyber attacks are on the increase and organizations must take action to protect Controlled Unclassified Information (CUI) and improve related cybersecurity processes and controls so important to national defense.

What is DoD’s Goal?

The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) recognizes that security is foundational to acquisition and cannot be treated as a “tradeoff” option along with cost, schedule, and performance. The DoD is committed to working with the DIB to enhance the protection of CUI and cyber controls and hygiene within the supply chain using the Cybersecurity Maturity Model Certification (CMMC) framework. CMMC assessments will target, review and combine various cybersecurity standards and best practices and map these controls and processes across several maturity levels that range from basic cyber hygiene to advanced/progressive. For a given CMMC level, the associated controls and processes, when implemented, are designed to reduce risk against a specific set of cyber threats.

The CMMC effort builds upon existing regulation (DFARS 252.204-7012) that is based on a "trust yet verify" approach with respect to DoD cybersecurity requirements. The goal is for CMMC to be cost-effective and affordable for small businesses to implement at the lower CMMC levels. The intent is for certified independent 3rd party organizations to conduct CMMC assessments on DIB suppliers to improve their cybersecurity capabilities and to inform them on their risks.

Who are the Key Players?

OUSD (A&S) is working with DoD stakeholders, academia, Federally Funded Research and Development Centers (FFRDCs), and industry to develop and then implement the Cybersecurity Maturity Model Certification (CMMC) program. The CMMC Accreditation Body (AB) was established in January, 2020, and the Memorandum of Understanding (MOU) between the DoD and CMMC AB to setup and operate the CMMC program was signed in March.  The AB has established numerous working groups to get the initial aspects of the ecosystem in place in Q1 and Q2 of 2020.

ISACA’s Subject Matter Experts, and Certified CMMI Lead Appraisers Ron Lear, and Kevin Schaaff, have been active volunteer members of the CMMC Accreditation Body’s CMMC Assessment Methodology Working Groups since inception. This includes the Assessment Methodology Working Group and the Accelerated Assessment Working Group, which were combined into a single working group in July of 2020.  As part of these two critical CMMC AB Working Groups, Mr. Lear and Mr. Schaaff were the primary authors for the current CMMC Assessment Methodology, integrated processes and training content and related materials.  Both remain currently active in the WG volunteer activities as the CMMC ecosystem moves into its initial launch phase.

C3PAO Program

The volunteers at the CMMC Accreditation Body have been busy building infrastructure, observing pilot assessments, and delivering training classes with the first set of randomly selected Provisional Assessors. As of this month, the CMMC AB team has observed 5 pilots at defense industrial base (DIB) companies and has trained and certified 52 provisional assessors. The CMMC AB will be running the third and final provisional class later in October which will result in a total of 75 assessors to date.
The Department of Defense (DoD) released an interim rule to supplement Cybersecurity Maturity Model Certification (CMMC) process that will go into effect 30 November.  

Learn more at the Federal Register website

Read our latest CMMC Blog Post!

Sign up to learn more

Please complete form below to let us know your level of interest in CMMC.
* denotes required field.