Department of Defense Contractors - Talk to us about CMMC Advisory and Assessment

Waterleaf International LLC,
Waterleaf International LLC,
  • Home
  • Cybersecurity
  • CMMC
  • Government
  • Capabilities
    • Carriers
    • Data Science
    • Network Infrastructure
    • Smart Cities
  • About Us
    • History
    • Leadership
    • Board of Directors
  • Contact Us
  • Job Postings
  • More
    • Home
    • Cybersecurity
    • CMMC
    • Government
    • Capabilities
      • Carriers
      • Data Science
      • Network Infrastructure
      • Smart Cities
    • About Us
      • History
      • Leadership
      • Board of Directors
    • Contact Us
    • Job Postings
  • Home
  • Cybersecurity
  • CMMC
  • Government
  • Capabilities
  • About Us
  • Contact Us
  • Job Postings

CMMC Advisory and Assessment Services

Find out more

Efficient CMMC Compliance Solutions

The CMMC-AB has selected Waterleaf as a Registered Practitioner Organization (RPO) to advise your team on an efficient and cost effective path to CMMC Compliance. 


Or, when you are ready, as a Certified Third Party Assessment Organization (C3PAO), Waterleaf's Provisional Assessors can complete your CMMC assessment. 

Now Scheduling Assessments for Second Quarter 2021

FIND OUT HOW WE CAN HELP
CMMC Registered Provider Organization RPO

Advisory Services: CMMC-AB Registered Provider Organization

CMMC Assessment: Certified 3rd Party Assessment Organization (C3PAO)

CMMC Assessment: Certified 3rd Party Assessment Organization (C3PAO)

With Registered Practitioners on staff, Waterleaf has the necessary certifications, resources, and cybersecurity expertise to enable you to successfully prepare for your CMMC Assessment. Our staff can guide your team through:

  • Understanding CMMC requirements
  • Evaluating current CMMC readiness
  • Developing compliance plan 
  • Implementing changes to 

With Registered Practitioners on staff, Waterleaf has the necessary certifications, resources, and cybersecurity expertise to enable you to successfully prepare for your CMMC Assessment. Our staff can guide your team through:

  • Understanding CMMC requirements
  • Evaluating current CMMC readiness
  • Developing compliance plan 
  • Implementing changes to procedures and practices
  • Completing pre-assessment evaluation


Depending on the level of CMMC Compliance sought, your organization will need to comply with up to 171 practices across NIST SP 800-171 r2 & Rev b, (FAR) 48 CFR 52.204-21 and other practices. We can help!

Certified Third Party Assessment Organization C3PAO

CMMC Assessment: Certified 3rd Party Assessment Organization (C3PAO)

CMMC Assessment: Certified 3rd Party Assessment Organization (C3PAO)

CMMC Assessment: Certified 3rd Party Assessment Organization (C3PAO)

Waterleaf has been selected by the CMMC-AB as a Certified 3rd Party Assessment Organization (C3PAO). Our staff have been certified by the CMMC-AB as Provisional Assessors Level 1-3 and are able to complete assessments on behalf of the company.


 Contact us to schedule your assessment!


Now Scheduling Assessments for Second Quarter 2021

WHAT ARE CMMC, RPO, AND C3PAO?

Cybersecurity Maturity Model Certification (CMMC)

The Cybersecurity Maturity Model Certification, introduced by the Department of Defense (DoD) in 2019, requires suppliers and contractors to pass a third-party audit of their cybersecurity readiness or risk losing their ability to compete for and deliver on certain DOD contracts starting in 2021. When fully operational, the CMMC will be mandatory for all entities doing business with the DoD at any level. All contractors and suppliers, primes and subs are required to:

  • Establish protocols to protect Controlled Unclassified Information (CUI), Federal Contract Information (FCI), and other data, network, and systems of the Defense Industrial Base (DIB) sector. 
  • Meet one of the five CMMC trust levels and 
  • Demonstrate that cybersecurity has been sufficiently implemented through the completion of independent validation activities. 

Initial Award, or continuance, of DoD contracts will be dependent upon CMMC compliance.


CMMC compliance ranges from Basic Cyber Hygiene (Level 1) to Advanced/Progressive (Level 5) with requirements based on the types of information and the level of CUI protection required. Previously, companies could self-certify compliance with the appropriate Defense Federal Acquisition Regulations (DFARs). Now companies must pass an audit conducted by a certified third-party assessment organization (C3PAO).


In 2021 Waterleaf International was selected and qualified by the CMMC-AB to provide advisory services to prepare for your CMMC Assessment (Registered Provider Organization) and has Registered Practitioners on staff. In addition, we have been selected to perform Assessments as a Certified Third Party Assessment Organization (C3PAO). Please note that due to potential conflicts, in accordance with CMMC-AB policy, Waterleaf may only serve in one capacity as either an RPO or as a C3PAO. 

CMMC Levels

CMMC Levels

Progressively More Difficult Compliance Obligations

There are five cumulative Certification levels to the CMMC:


  • Level 1 – Basic Cyber Hygiene: Includes basic cybersecurity appropriate for small companies utilizing a subset of universally accepted common practices. The processes at this level would include some performed practices, at least in an ad hoc manner. This level has 35 security controls that must be successfully implemented.


  • Level 2 – Intermediate Cyber Hygiene: Includes universally accepted cybersecurity best practices. Practices at this level would be documented, and access to CUI data will require multi-factor authentication. This level includes an additional 115 security controls beyond that of Level 1.


  • Level 3 – Good Cyber Hygiene: Includes coverage of all NIST SP 800-171 Rev. 1 controls and additional practices beyond the scope of current CUI protection. Processes at this level are maintained and followed, and there is a comprehensive knowledge of cyber assets. This level requires an additional 91 security controls beyond those covered in Levels 1 and 2.


  • Level 4 – Proactive: Includes advanced and sophisticated cybersecurity practices. The processes at this level are periodically reviewed, properly resourced, and are improved regularly across the enterprise. In addition, the defensive responses operate at machine speed and there is a comprehensive knowledge of all cyber assets. This level has an additional 95 controls beyond the first three Levels.


  • Level 5 – Advanced / Progressive: Includes highly advanced cybersecurity practices. The processes involved at this level include continuous improvement across the enterprise and defensive responses performed at machine speed. This level requires an additional 34 controls.

Learn More

Waterleaf is an expert in the requirements for CMMC compliance and can guide you on your journey. In addition, Waterleaf's Cyberleaf cybersecurity-as-a-service can be a key component in your compliance plan.

Cyberleaf Cyber-as-a-Service

Copyright © 2021 Waterleaf International, LLC - All Rights Reserved.

11571 Majestic Palms Boulevard, Suite 100-110D

Fort Myers, FL 33908

United States

Call Us (866) 330-3140




  • Home
  • Cybersecurity
  • CMMC
  • Government
  • Contact Us
  • Thank you
  • Job Postings
  • Privacy Policy

Cookie Policy

This website uses cookies. By continuing to use this site, you accept our use of cookies.

DeclineAccept & Close