CMMC: Why Me?

By Heather Bennett

October 10, 2022

If you found this blog, chances are you just found out you are required to be CMMC certified. You don’t know what that means, did a web search, and now you’re here. Let me be the first to welcome you to the world of CMMC. It’s nice here, we have (virtual) cookies.

In this article, we are going to cover the who, what, when, and whys associated with CMMC. This will be a brief overview as most of these topics will be covered in depth in future articles. Now is not the time get educated on CMMC!

man sitting at desk pensive

The Who, What, When, and Why of CMMC


Who is who regarding CMMC?

“The Defense Industrial Base Sector is the worldwide industrial complex that enables research and development, as well as design, production, delivery, and maintenance of military weapons systems, subsystems, and components or parts, to meet U.S. military requirements.” (

The DoD requires certification from all DIB contractors and subcontractors. The DoD has estimated that over 300,000 companies will be affected.


What is CMMC?

CMMC is a certification required by the US Department of Defense (DoD). It is a new certification model to ensure all contractors and subcontractors of the DOD properly protect sensitive information.


When will this happen?

The DoD began unveiling contracts with CMMC requirements in 2021. Each subsequent year will add more contractors. It is expected that CMMC will be a requirement on all contracts by October of 2026.


Why am I being required to be CMMC certified?

CMMC was developed to ensure the protection of Federal Contact Information (FCI) and Controlled Unclassified Information (CUI). FCI and CUI can contain sensitive information that could jeopardize the nation’s security if it fell into the wrong hands. An interesting article talking about just that can be viewed here.

Upcoming Blog

The requirements to become CMMC Certified will vary on the extent of FCI and CUI a company handles. We will cover the CMMC Maturity Levels in the next article. Keep up to date with all things CMMC by subscribing to our weekly blog.

Next Steps

Are you ready for Provincia Government Solutions to help you? If so, reach out to our team and let’s talk. We can put you are on the path to success!

Until then, be safe and stay secure!

About Us

Provincia Government Solutions, LLC is a Nashville based HUBZone certified security and risk assurance firm with advanced expertise in government regulatory and compliance cybersecurity requirements including NIST, FISMA, CMMC, SCA, 800-171, TRICARE, MARS-E and ZTA (Zero Trust Architecture) solutions. Our client base includes  government agencies, contractors, and commercial organizations affiliated with government entities. Whether you are seeking audit preparedness, compliance and assurance assessments,  security consulting, or CMMC certification, we have the expertise to help.  Contact us at (615) 807-2822 or at to discuss your security needs today. Consultations are free of charge and we look forward to speaking with you!

Subscribe to our Blog!

Be The First

to Know

When New Blog Content is Published


Contact Information


Provincia Government Solutions is a SBA certified Small  Business cybersecurity assurance firm and a CMMC Certified Third Party Assessment Organization (C3PAO).  We were the first organization to become a  C3PAO in the Middle Tennessee (Nashville) area and provide a full range of services including CMMC consulting and certification assessments. Our assessment team is trained in CMMC and other government assessment disciplines and we are experienced working with organizations of all sizes. Please reach out with any cybersecurity or CMMC related inquiries. We look forward to speaking with you!