Welcome To CMMC Fledge!
Fly Through Your CMMC Journey!
The Cybersecurity Maturity Model Certification (CMMC) is a DoD compliance framework. Utilizing the NIST 800-171 Rev 2 standard, this framework contains various levels (l1, l2 (Self-Assessment),
l2 (C3PAO Assessment), l3) of certification.
CMMC l1: Is the base level of certification. This certification only includes 15 controls from the NIST 800-171 standard. These controls allow organizations to host
Federal Contract Information (FCI). FCI usually consists of non-public technical drawing, reports, contracts, or financial information from the government.
With only 15 controls to assess, this certification is made for lower-security environments. CMMC l1 consists of self-attestation.
CMMC L2 (Self-Assessment): Is a slight deviation from the traditional CMMC l2 Third party assessment. This level still contains CUI but must not contain any
CUI types that are listed within the
DoD CUI Registry.
Due to this, many organizations that pursue an l2 certification may not be able to do a self-assessment.
Many use this as a steppingstone to the l2 certification with a C3PAO as this can reduce the cost of an assessment as your organization is more prepared.
This still includes all 110 controls from the l2 Assessment guidelines within the CMMC l2 (C3PAO Assessment).
CMMC l2 (C3PAO Assessment): Is the most popular choice among those seeking CMMC certification. With 110 controls from the NIST 800-171 standard, it is far more in-depth than l1.
In addition to Federal Contract Information (FCI), organizations are allowed to host Controlled Unclassified Information (CUI).
This certification requires detail on everything from access controls to auditing. From preparation to the actual assessment process can take 1 - 2 years and cost upwards to $300,000.
This can lead many organizations to fear that first step.
CMMC l3: Is for the most secure types of systems.
This builds upon the CMMC l2 certification by adding an additional 24 controls from the NIST 800-172 standard.
Due to the further complexities and additional scrutinization it is hard to give accurate information with a general overview of information.
As such, the CMMC Fledge system does not support CMMC l3 certifications.
Compliance initiatives have been rapidly growing as the current president, Donald J. Trump, has made CMMC compliance mandatory for government contractors.
This is part of a rollout initiative starting November 10, 2025. Due to this CMMC and its processes have been uplifted to support this new standard.
By doing so its processes have become more robust and stricter, making it harder to step into the door. But being able to work with the DoD and other government organizations is
extremely lucrative so many organizations see this certification as a cost of doing business. With an expensive upfront cost in the 6-figure range, it may seem not worthwhile.
Fortunately, many organizations have shown that in the long run getting CMMC certified to win government contracts can lead to increased revenue and relationships with government organizations.
The CMMC Fledge system is here to solve that issue for your organization. Please browse our resources as you prepare for your compliance journey and feel free
to take our free assessment. This will allow you to input information regarding your organization's system. By taking this assessment, you will feel more confident about your
journey into the CMMC process and be able to understand concepts as you move further into this process.
Start Your Assessment Today!
Click Here to Begin
If you see any unfamiliar terminology, please refer to our dictionary! Terms not commonly used have been defined in one place. Use this to your advantage
as you move through our assessment or as you further your CMMC assessment journey!
