Free Cyber Risk Analysis: Uncover Your Cyber Risks vs. Peers in Just 3 Clicks

Get Started
Request Demo

DFARS and CMMC Ratings

Cybersecurity Maturity Model Certification ensures a unified security standard for all DoD contracts. It requires organizations in the DoD supply chain to rate their maturity level and undergo a CMMC audit by an official CMMC auditor.

DFARS requires an assessment of a government contractor’s implementation of NIST SP 800-171 security requirement before they can receive a contract.


The assessment involves a standard scoring practice along with three assessment level ratings: Basic, Medium and High.

DFARS and CMMC Rating


NIST SP 800-171 DoD Assessment Methodology is broken down into the following three ratings:

Basic: A basic rating means that the organization has done an internal assessment of their System Security Plan (SSP) and Plan of Action and Milestones (POAM).

Medium: A medium rating is received when the Department of Defense scores an organization’s SSP and POAM.

High: A high rating is given after an on-site assessment by the DoD.

Learn more about CyberStrong

Download the Solution Sheet

Download the CyberStrong Solution Sheet