Certification

Gerico Security - CMMC

The CMMC (Cybersecurity Maturity Model Certification) is a certification that assesses a company’s cybersecurity maturity level. It is a crucial standard for businesses working with the U.S. Department of Defense and can also serve as a competitive advantage for other organizations. 

Cybersecurity Maturity Model Certification

The U.S. Department of Defense (DoD) has established a cybersecurity assurance framework requiring all contractors and subcontractors to demonstrate compliance with specific cybersecurity posture standards. 

Since 2021, all DoD contracts—including existing agreements—must include a mandatory requirement for compliance with NIST SP 800-171 Rev. 2. In addition, all Requests for Quotation (RFQs) progressively require a specific CMMC certification level as a prerequisite for eligibility. 

The CMMC framework is based on NIST SP 800-171, with CMMC Level 2 mandating full compliance with NIST SP 800-171, as outlined in DFARS Clause 252.204-7019, plus 20 additional security controls. 

Prime contractors, including foreign entities, are contractually obligated to ensure that their subcontractors (up to the third tier) also meet the CMMC cybersecurity requirements specified in their awarded contracts. The required CMMC level depends on the type of Controlled Unclassified Information (CUI) handled or accessed by the supplier or subcontractor. 

Our Approach to CMMC

By signing Memoranda of Understanding (MoUs) with CMMC-CoE (USA) and CMMC-EU (UK), GERICO Security Srl has solidified its position as the Italian focal point for CMMC (Cybersecurity Maturity Model Certification) and NIST SP 800-171 compliance, supporting national defense companies within the U.S. Department of Defense (DoD) Defense Industrial Base (DIB).

Cyber threats know no borders, which is why GERICO Security has joined the Advisory Board of the U.S. CMMC-CoE, reinforcing its commitment to transatlantic cybersecurity collaboration. 
Meet Our Expert: Giustino Fumagalli

As cyber threats grow in sophistication and frequency, strong cybersecurity governance is essential. GERICO Security specializes in Information Security Governance, providing high-level consultancy not only to the defense sector but also to B2B enterprises and service providers in the public sector. 

Your Trusted CMMC Partner in Italy: GERICO Security serves as the focal point for Italian defense companies for CMMC (Cybersecurity Maturity Model Certification) and NIST SP 800-171 implementation, aligning them with DoD cybersecurity requirements.

We have also covered CMMC in ICT Security Magazine, analyzing how this certification is becoming a cornerstone in protecting sensitive data and outlining the key steps businesses must take to achieve compliance. 

What We Offer

GERICO Security Srl provides comprehensive support to help businesses meet CMMC and NIST SP 800-171 requirements. We assist companies in both the self-assessment process mandated by the U.S. Department of Defense (DoD) and the certification journey for CMMC. 

Companies must be prepared to demonstrate compliance through rigorous audits and assessments, including submitting reports to the DoD Supplier Performance Risk System (SPRS), which must also be accessible to their subcontractors.

As the Italian reference point for CMMC and NIST SP 800-171 compliance, GERICO Security collaborates officially with CMMC-CoE (USA) and CMMC-EU (UK) to support defense companies within the DoD’s Defense Industrial Base (DIB).

At Gerico, we guide businesses through every step of the compliance process, including identifying the actions necessary to meet DoD cybersecurity requirements and managing relationships with certification bodies throughout the assessment and certification process.

CMMC and NIST SP 800-171