CMMC Compliance Specialist

CMMC Preparation for

Defense Contractors

If your DoD contract involves Federal Contract Information (FCI) or Controlled Unclassified Information (CUI), CMMC certification is required. We guide small and mid-sized companies through every step - from gap assessment to configuration to certifications readiness.

Book Free Assessment

Level 1 vs Level 2

17

110

14 Level 1 Practices

Level 2 Practices

Security Domains

CHOOSE YOUR LEVEL

Which level do you need?

Determined by your contract - specifically whether it involves FCI or CUI

Level 1 - FCI

Level 2 - CUI

Basic cyber hygiene

Advanced protection

For contractors handling Federal Contract Information. 17 foundational practices. Annual self-assessment - no third-party auditor required.

For contractors handling Controlled Unclassified Information. 110 practices mapped to NIST SP 800-171. Third-party assessment required.

17 practices

Self-assessment allowed

SPRS Submission required

Annual renewal

4-8 weeks to achieve

110 practices across 14 domains

C3PAO assessment required

SPRS score + SSP required

Every 3 years + annual affirmations

3-9 months to achieve

Level 1 Preparation

Level 2 Preparation

Our Process

How we get you certified

Four phases from where you are today to assessment-ready.

1

2

3

4 Gap assessment

Remediation plan

Documentation

Assessment ready

Practice-by-practice evaluation. SPRS score estimate. Written findings report.

Prioritized roadmap, cost estimates, and technology recommendations.

SSP, POA&M, policy library, network diagrams, incident response plan.

Mock assessment, gap verification, C3PAO selection, and formal support.

Find out where you stand - free

Book a 30-minute call and we'll tell you exactly which level you need, where your gaps are, and what it will realistically take to get certified.

Bood your free assessment

RVA Tech Visions

Technology security and compliance advisory for small and mid-size businesses in the Richmond, VA metro area and beyond.

CMMC Compliance Specialist

CMMC Preparation for

Defense Contractors

If your DoD contract involves Federal Contract Information (FCI) or Controlled Unclassified Information (CUI), CMMC certification is required. We guide small and mid-sized companies through every step - from gap assessment to configuration to certifications readiness.

17

110

14

Level 1 Practices

Level 2 Practices

Security Domains

CHOOSE YOUR LEVEL

Which level do you need?

Determined by your contract - specifically whether it involves FCI or CUI

Level 1 - FCI

Level 2 - CUI

Basic cyber hygiene

Advanced protection

For contractors handling Federal Contract Information. 17 foundational practices. Annual self-assessment - no third-party auditor required.

For contractors handling Controlled Unclassified Information. 110 practices mapped to NIST SP 800-171. Third-party assessment required.

17 practices

Self-assessment allowed

SPRS Submission required

Annual renewal

4-8 weeks to achieve

110 practices across 14 domains

C3PAO assessment required

SPRS score + SSP required

Every 3 years + annual affirmations

3-9 months to achieve

Our Process

How we get you certified

Four phases from where you are today to assessment-ready.

1

2

3

4

Gap assessment

Remediation plan

Documentation

Assessment ready

Practice-by-practice evaluation. SPRS score estimate. Written findings report.

Prioritized roadmap, cost estimates, and technology recommendations.

SSP, POA&M, policy library, network diagrams, incident response plan.

Mock assessment, gap verification, C3PAO selection, and formal support.

Find out where you stand - free

Book a 30-minute call and we'll tell you exactly which level you need, where your gaps are, and what it will realistically take to get certified.

RVA Tech Visions

Services

Company

About Us