Cybersecurity Maturity Model Certification

Our experts provide consulting and enablement services to help DoD vendors achieve the mandatory CMMC certification.

The U.S. Department of Defense (DoD) Office of the Under Secretary of Defense (OUSD) for Acquisition and Sustainment is implementing the Cybersecurity Maturity Model Certification (CMMC) as a verification framework to ensure appropriate cybersecurity practices and processes are in place for the protection of controlled unclassified information (CUI) that resides within the Department’s supply chain partners’ networks. DoD requires the CMMC certification by a third-party assessor to compete for most DoD contracts.

Our team of CMMC experts provides consulting and enablement services to help DoD vendors achieve the mandatory CMMC certification.  Rackspace Technology helps DoD supply chain partners implement and maintain CMMC-compliant environments to process, maintain and store DoD data.  We assist your organization at each stage of your CMMC certification journey – from planning to implementing continuous compliance.

people working on the computer

Frequently Asked Questions

CMMC encompasses multiple maturity levels ranging from “Basic Cybersecurity Hygiene” to “Advanced/Progressive.” The intent is to incorporate CMMC into Defense Federal Acquisition Regulation Supplement (DFARS) and use it as a requirement for contract award.

The DoD intends to incorporate CMMC requirements into the DFARS and will make certification a requirement for most DoD contracts. Visit the official site of the United States government for more information.

DOD will use the new CMMC framework to assess and enhance the cybersecurity posture of the Defense Industrial Base (DIB). The CMMC is intended to serve as a verification mechanism to ensure appropriate levels of cybersecurity practices and processes are in place to protect CUI that resides on the Department’s supply chain partners’ networks.

The DoD estimates that more than 300,000 organizations will require assessment and certification to one of the five CMMC levels. This includes prime contractors, subcontractors and generally all organizations that sell or service the DoD. This means that everyone from small businesses providing services such as HVAC maintenance to major defense contractors will be affected.

The DoD started phasing CMMC requirements into new contracts in 2020. Over the next four years, the department will be looking to add CMMC requirements to increasingly more new DoD contracts, and by FY 2026, nearly all new DoD contracts will include CMMC requirements.

A wide range of organizations, programs and contractors across the DoD supply chain use Rackspace Technology in support of cloud security and compliance government requirements. They leverage Rackspace Technology solutions to create secure environments to process, maintain and store U.S. Federal Government data in accordance with DFARS, DoD Cloud Computing Security Requirements Guide (SRG), Federal Risk and Authorization Management Program (FedRAMP) and other federal compliance programs.

The CMMC Accreditation Body (AB), a non-profit, independent organization, will accredit CMMC Third-Party Assessment Organizations (C3PAOs) and individual assessors. The CMMC AB will provide the requisite information and updates on its website (

The CMMC AB  will manage a CMMC Marketplace that will include a list of approved C3PAOs, as well as other information. , DIB companies will be able to select one of the approved C3PAOs and schedule a CMMC assessment for any specific certification level.

Rackspace Technology collaborates with the DoD and the CMMC-AB on CMMC requirements to help accelerate adoption and certification across the Defense Supply Chain (DSC). The CMMC-AB continues to identify and train the certified CMMC assessors and C3PAOs, define the certification process, detail FedRAMP reciprocity and create the CMMC Marketplace.

Rackspace Technology will provide CMMC solutions that r accelerate the CMMC certification and reduce the level of effort and risk. Rackspace Technology security and compliance solutions include automated deployment capabilities, reference architectures, a CMMC practices responsibility matrix, potential FedRAMP authorization inheritance (once completed by DoD) and supporting certification documentation for customers to leverage as they pursue CMMC certification. Rackspace Technology security and compliance solutions will provide the flexibility to deploy and certify CMMC solutions in both our public and private cloud based on our customers’ business and DoD program requirements.

Talk to our team to learn more

Fill out the form to be connected to one of our experts.