SSAE18 (SOC 2)

Cybersecurity Maturity Model Certification (CMMC)

The Department of Defense initiated the CMMC security program and took effect in September 2020. The CMMC certification is required by organizations supporting DoD contracts, or in some cases by organizations that provide services to defense contractors. Even organizations that do not deal directly with the DoD may be asked by customers to comply with CMMC to help support their certification.

What is CMMC?

CMMC outlines a set of controls (capabilities) and practices that are designed to ensure companies are applying adequate controls for the protection of two data categories:

  1. Controlled Unclassified Information (CUI) - Information that requires certain protections that is labelled CUI by the DoD and provided to organizations to support contracts and projects
  2. Federal Contract Information (FCI) - Information that is provided or generated under a government contract that helps support products or services provided to the government

CMMC Maturity Levels

CMMC sets forth five maturity levels that require increasing numbers of controls and practices, depending on the type of data being processed, or requirements stated within the contract.

Level 1 is the lowest level of maturity, contained only 17 practices, with Level 5 requiring 171 practices

The CMMC module helps get you ready for CMMC certification

Tools and Templates built on Atlassian

Document Templates

System Security Plan (SSP) template

Risk Assessment

CMMC Control Scorecards

Control Scorecards

Plan of Action Milestones (POAM)

Audit Program

Audit program

Agility is pre-configured with all the tools and templates you need to implement your CMMC program.

Easily track program status, control compliance, document status and remediation all within your or Ekko hosted Atlassian Cloud instance.


icon Start your CMMC Program

Agility provides you everything you need to start your CMMC program

  • Scope guidance and templates
  • Defined, roadmap project plan and milestones
  • Control remediation dashboards and reports

icon Create Information Security Policies & Procedures

Pre-built CMMC compliant policy templates

  • All policies required to support CMMC domains

iconGap Analysis and Scorecard

Establish your control baseline and program starting point

  • Generate control scorecard and reports
  • Define your remediation and implementation roadmap

iconSelect Certification C3PAO firm

CMMC requires an external C3PAO to conduct your certification audit

  • CMMC Readiness assessment
  • Level 1-5 Certification assessment

icon Program Implementation

Agility provides you all the tools to implement, track and remediate your CMMC Information Security program

  • Remediation and control improvement task tracking
  • Reporting and dashboards
  • Reminders and scheduling

icon Internal Readiness

Conduct your Internal readiness assessment inside Agility

  • CMMC readiness assessment
  • Pre-built audit test cases
  • Generate and manage control evidence


Conduct your CMMC certification audit with your selected registrar audit firm

  • Get certified
  • Conduct annual audits

icon CMMC Maintenance

Agility helps you maintain your ISMS

  • Pre-built task templates
  • Schedule and track ongoing activities
  • POAM tracking and CONMON process

For more information about CMMC