Cybersecurity Maturity Model Certification (CMMC)

Are you CMMC Ready?

Schedule a Gap Assessment

Click Here

Learn About CMMC

CMMC Model and Assessment Guides

Click Here

The Tennessee Procurement Technical Assistance Center and the Tennessee Manufacturing Extension Partnership are joining forces to provide resources to manufacturers that need help interpreting, implementing, and complying to government mandated Cybersecurity standards – specifically the Cybersecurity Maturity Model Certification (CMMC).

Deliberate collaboration between TPTAC and TMEP will result in more Tennessee manufactures able to compete for government contracts, thereby expanding the government’s industrial base and improving Tennessee manufacturing’s productivity, economic competitiveness, and technological capabilities.

CMMC requires small and medium sized manufacturers (SMMs) in the Defense Industrial Base to pass 3rd party assessments based on the cybersecurity maturity level requirement stated in their contracts. Defense contractors will be evaluated based upon the implementation of actual technical controls in addition to their documentation and policies. These evaluations will lead to a level certification of 1 to 5 issued from the CMMC Accreditation Body (CMMC-AB), with level 5 being the most secure. Currently, the majority of companies will require Maturity Levels 1 through 3, with level 3 required for SMMs handling controlled unclassified information (CUI).

CMMC Model Level Descriptions

Downloadable Version

Click Here for a template you can use to conduct a detailed self-assessment.  [Coming Soon]

Online Training and Webinars Hosted by TPTAC and TMEP

Contact us to schedule a CMMC Gap Assessment.

The Cybersecurity Maturity Model Certification is a model for validating SMMs that have taken the necessary measures to protect their CUI per federal requirements. Validation is essential in meeting obligations of each specific contract. The primary purpose of the CMMC gap assessment is to help determine your present level of conformance to NIST 800-171 and CMMC. A CMMC gap analysis enables you to understand which controls you need to adopt, expand, or adjust to meet the required CMMC compliance level.

  1. Complete a full audit and review of all existing policies, plans, documents, resources, etc.
  2. Compare your current assessments, projects, implementations, tests, interviews, and security controls with those required for your CMMC level.
  3. Develop a report on your current CMMC implementation status, including documentation of any gaps and recommendations to achieve compliance.
  4. Provide technical assistance to implement/update security plans, POA&M, and cybersecurity policies and procedures.


Latest CMMC News

DoD Mandatory Controlled Unclassified Information (CUI) Training

Procurement Technical Assistance Center

Government Contracting

Tennessee Manufacturing Extension Partnership

Manufacturing Excellence