If you are defense contractor company (either a Prime or Sub-Contractor) in the United States serving the U.S. Department of Defense (DoD) and you handle Controlled Unclassified Information (CUI), you must comply with CMMC by performing a pre-assessment, generate your System Security Plan (SSP) and pass a CMMC AB-approved C3PAO audit, if the contract will be considered a “priority”.

If you have not yet completed your pre-assessment, sign up for the CyberCatch Continuous Compliance Assessment (CCA) Solution.
Even if you have completed your pre-assessment and implemented the required controls, you must now test your controls as mandated. Otherwise you will be out of compliance and be subject to False Claims Act legal liability and equally important, you will not be secure from the bad guys and will fail your C3PAO audit..

CMMC Security Control Requirements:


Requires you to “periodically assess the security controls...to determine if the controls are effective…”


Requires you to “develop and implement plans of action designed to correct deficiencies…”


Requires you to “monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls.”

So if you are not continuously testing your controls and fixing deficiencies, not only are you not secure and inviting the bad guys to break in easily, but you are also out of compliance with CMMC and will fail your C3PAO audit.



Sign up for the CyberCatch Automated Controls Testing (ACT) Solution.

CyberCatch SaaS Automated Controls Testing

Most-affordable Pricing for DIB companies. Annual subscription based on size of employees. Only one fee. Pay annually and save:

1 - 50

$ 250 per month
  • or $2,500 / year
  • SAVE $500

51 - 100

$ 500 per month
  • or $5,000 / year
  • SAVE $1,000

101 - 250

$ 750 per month
  • or $7,500 / year
  • SAVE $1,500

251 - 499

$ 1k per month
  • or $10,000 / year
  • SAVE $2,000

Ready to Get Started?