The Cybersecurity Maturity Model Certification (CMMC) is a unified standard implemented by the U.S. Department of Defense that requires any contractor in the defense industrial supply chain to obtain a third-party assessment certifying its cybersecurity. Certification is a requirement for contract award.


What is CMMC?

The CMMC – Cybersecurity Maturity Model Certification – is a unified standard for implementing cybersecurity across the defense industrial base (DIB) supply chain with certain mandatory cybersecurity practices, procedures and capabilities.

Trustwave can help organizations move beyond basic cyber hygiene to achieve their security maturity goals, targeted CMMC compliance levels, and continue servicing and bidding on DoD contracts.

What is CMMC Certification?

  • The framework of CMMC is limited to Department of Defense contractors only. Regardless of size, all 300,000+ members of the DIB need to become CMMC-certified, according to the CMMC accreditation body (CMMC-AB), which administers the plan on behalf of the DoD.
  • One of the most impactful requirements of the mandate is that the CMMC assessments – based on 5 different levels of security maturity – are performed and certified by independent third-party CMMC assessors accredited by the CMMC-AB.
  • Prior to CMMC, the DoD required all contractors and subcontractors to be NIST SP 800-171 compliant and to self-certify their adherence to these rules. Although the new framework includes these requirements, additional cybersecurity standards will also be baked into the new cybersecurity model, including NIST SP 800-53, ISO 27001 and ISO 27032. Meeting these standards – and being certified by an accredited certification assessor – is a requirement to continue fulfilling or bidding on DoD contracts.
  • What are the 5 CMMC levels?
    • Level 1: Safeguard Federal Contract Information (FCI)
    • Level 2: Serve as a transition step in cybersecurity maturity progression to protect CUI
    • Level 3: Protect Controlled Unclassified Information (CUI)
    • Levels 4 & 5: Protect CUI and reduce risk of Advanced Persistent Threats (APTs)
Data Sheet

Cybersecurity Maturity Model Certification (CMMC)

The Department of Defense (DoD) requires proof of CMMC compliance to ensure protection of controlled unclassified information (CUI) from nation-state and nefarious actors, while keeping the supply chain running safely. Is your cybersecurity maturity plan at the desired level to participate in the US government contract bidding process?

Advance Your Compliance

  • Provides 24x7 threat detection and configuration management focused on visibility, governance and compliance enforcement, management of IT configuration and settings, and threat detection and investigation in a stealthy environment.

  • Consulting & Professional Services (CPS)

    Trustwave offers CMMC consulting and professional services (CPS) advisory around security program designs to plan and build unique security strategies to protect IT data assets and investments. We can help holistically and strategically assess how well your organization is addressing requirements and develop a plan for remediating weaknesses.

  • Trustwave SpiderLabs

    Renowned Trustwave SpiderLabs offers a one-stop shop for Security Testing Services (STS), with more flexible options, robust outcomes and better value because of deep, core competency in cybersecurity skill sets. We know cyber and we know security.

  • Proactive Threat Hunting (PTH)

    Trustwave has proven results across entire SOC maturity, strategy, and governance of scalable roadmaps. Proactive Threat Hunting (PTH) is recommended for Maturity Levels 4 and 5 when Advanced Persistent Threat (APT) controls are required.

  • Other Services

    Specific to CMMC, Trustwave is one of the few cybersecurity companies that provide a full set of security lifecycle services, from advisory to testing to managed services. Other MSSPs only perform some configuration management (compliance-as-a-service), not Managed Threat Detection and Response.


In addition to CMMC services, Trustwave offers a broad security portfolio and industry-leading managed security services to help you align with the requirements, as well as grow your maturity to move beyond compliance.

Digital Forensics and Incident Response (DFIR)

Quickly determine the source, cause and extent of a breach – and then contain, eradicate and investigate the incident, or get proactive by solidifying your response before a security event occurs.

Security Testing Services (STS)

Simplify security testing with a consolidated portal that gives you a holistic view of your assets and allows you to arrange self-service or managed security tests, access historical data and gain comprehensive insights on your risk exposure.

Security Colony

A library of resources developed for real clients, including incident response guidelines and playbooks, awareness training strategies and presentations, and more to help implement information security in your organization.

Database Security – DbProtect

A highly scalable database security platform that enables organizations to secure their relational databases and big data stores, both on premises and in the cloud, with distributed architecture and enterprise-level analytics.

Database Security – AppDetectivePRO (ADP)

Trustwave AppDetectivePRO allows your business to discover, assess and report in minutes on the security, risk or compliance posture of any database or big data store within your environment – on premises or in the cloud.