Ep 093: Navigating the CMMC Certification

Do you have questions about the new cybersecurity certification? If so, this episode will help you answer those questions. We sat down with Adam Austin from Totem Technologies to discuss How to Navigate the CMMC Certification. You will learn about the current requirements for DoD contractors, how those requirements are currently being assessed, how the CMMC model is going to impact small businesses, and a lot more.

CMMC Q & A with Adam Austin:

Q: What is CMMC?
A: Stands for Cybersecurity Maturity Model Certification (CMMC). It is a new requirement for ALL Department of Defense contracts starting in the fall of 2020 or sometime in 2021. The CMMC will encompass multiple maturity levels that range from “Basic Cybersecurity Hygiene” to “Advanced/Progressive”. The intent is to incorporate CMMC into Defense Federal Acquisition Regulation Supplement (DFARS) and use it as a requirement for contract award.

Q: Where is the government on implementation? Launch date?
A: New CMMC requirements will be included in an extremely limited subset of RFI/RFP in either September or November of 2020.

Q: Will DoD require companies to be certified BEFORE responding to an RFP?
A: That’s what the DoD has indicated, but there isn’t any written documentation to validate. Once CMMC fully takes effect, certification will certainly be required before the contract begins.

Q: Has the government identified where to get certified yet?
A: No assessors are licensed yet, so no. The CMMC Accreditation Body will eventually publish a list of certified third-party assessment organizations (C3PAO) that can perform assessments.

Q: Can you confirm that contractors only need to be CMMC Level 1 to start?
A: That would facilitate a logical progression and advancement to higher levels of security, but no, this is an incorrect assumption. The CMMC Level will be specified in the RFI/RFP. If Controlled Unclassified Information (CUI) is processed under the contract, CMMC Level 2, 3 or above will be specified before the contractor can work the contract. CMMC Level 1 will be the minimum requirement for all of us contractors, as we all process Federal Contract Information (FCI), which requires 17 basic safeguards. But some companies will have an immediate requirement for higher CMMC Levels. This is going to be a challenge for some contractors. The lone exception to CMMC requirements are those purveyors who only provide COTS to the government.

Q: Can we get a copy of Level 1 requirements for CMMC in order to start looking at the starting point?
A: Level 1 CMMC practices are exactly the same as the 17 basic controls currently required by FAR clause 52.204-21 to protect FCI. The definitive source is the CMMC Model site: https://www.acq.osd.mil/cmmc/draft.html. You can download the appendices and view the Level 1 Practices.

Totem is a cybersecurity compliance service organization that offers software that meets the requirements and regulations to be compliant for DFARS, GDPR, and NIST 800 171.


Need something to read? Get your copy of Game Changers the book today!


The concepts and strategies shared in this book are the go-to ninja-style secrets of each author.

You will learn:

★ What it takes to win in the government market
★ How to find the right revenue mix between definitive contracts versus contract vehicles
★ How to properly communicate your past performance
★ How to grow fast in the government market
★ The GovCon small business growth model
★ How to scale your government business
★ Understanding joint ventures
★ What it takes to win SBIR & STTR contracts
★ Winning sole-source contracts
★ Properly leveraging your 8(a) certification
★ Social selling in GovCon
★ Price to win strategies
★ Lean proposal management
★ Contract novation
★ Compensation for unanticipated costs and delays
★ Bouncing back from a losing streak
★ And more than 30 other concepts for growing your government business

Featured Guest: Adam Austin Company: Cybersecurity Quarterback, Totem Tech
Email: adam.austin@hbarcyber.com Phone: (888) 5379-0509

Win More Government Contracts
Become a Federal Access Member
Start Your Journey Today for Free


Select a plan

User Accounts

Strategy Playbooks

7-minute training videos designed to boost your government skills by covering tips, strategies, market updates, and more.  New videos added monthly.

Game Changers Podcast

Industry leading podcast for government contractors.

Step-by-Step Strategies

Master the art and science behind winning government contracts by learning government fundamentals, marketing, sales, teaming, proposals, and operations.

100+ Government Templates

Capability Statements, Corporate Presentations, Bid/No Bid Calculator, Graphics Packs, Compensation Models, and much more...

The Government Sales Manual

Over 450 pages packed with hundreds of Techniques and Strategies.

Featured / On-Demand Webinars

More than 30 hours of high-quality keynote style training sessions on sales, marketing, business development, teaming, proposals, and operations.

On-Demand Training Videos

Videos are broken down by business activity to make them easy to find.

Email Support

Ask a Government Subject Matter Expert (SME) anything and get a detailed response.



always free





$59 / $29 

First month


48 Hour


Posted in Game Changers.