Prepare Your Organization for CMMC Compliance

MorganFranklin’s CMMC Certification Readiness Approach

A Level 3 CMMC certification, which most defense contractors will need to achieve, includes full compliance with NIST 800-171 plus several processes and procedures drawn from other frameworks including FAR 52.204-21, DFARS 252.204-7012 & 252.204-7021, NIST SP 800-53 rev 5, NIST SP 800-172, NIST Cybersecurity Framework, CERT Resiliency Management Model (RMM), ISO 27002:2013, and CIS CSC 7.1. The expanded requirements often result in organizations experiencing compliance gaps that must be closed before undergoing a CMMC compliance audit.

MorganFranklin is a Registered Provider Organization (RPO) certified by the CMMC Accreditation Body to guide organizations through the process of achieving CMMC compliance. MorganFranklin utilizes a three-step process to help organizations achieve CMMC compliance via identifying and closing the gaps between a company’s current and target security posture.

1. Planning and Discovery

MorganFranklin’s CMMC experts will work with your organization to determine the scope and establish a strategy for the CMMC compliance process. This includes identifying key stakeholders, determining the appropriate target level of CMMC compliance, and gathering the necessary documentation and resources for the Readiness Assessment. At the end of this stage, your organization will receive the following deliverables:

  • Project Plan and Key Milestones
  • Stakeholder Mapping
  • Target State CMMC Level and Use Cases

2. Readiness Assessment and Gap Analysis

The Readiness Assessment and Gap Analysis stage of the process evaluates your organization’s existing policies, procedures, and security controls against the requirements of the target CMMC level. This will be accomplished via interviews/workshops, analysis of existing policies and procedures, and evaluation of current security controls. Deliverables from this stage include:

  • CMMC Maturity Assessment Report
  • Gap Analysis Against Target CMMC Level
  • “Quick Win” Recommendations to Quickly Close Gaps and Reduce Risk

3. Strategy and Roadmap

After reviewing the results from the first two stages, MorganFranklin will develop tailored and prioritized recommendations to enable your organization to achieve full CMMC compliance. Recommendations include insights on necessary organizational enhancements, resource requirements, and resiliency and recovery capabilities. At the end of this final stage of the assessment, your organization will receive:

  • CMMC Strategy and Roadmap
  • Cyber Resilience Recommendations
  • Final Presentation of Results


Learn more about our custom-tailored security strategies. Download our CMMC brochure.


Supporting Your Journey to Compliance

A MorganFranklin CMMC Readiness Assessment will typically span 6-8 weeks. At the end of this assessment, an organization will be equipped with a roadmap that outlines a strategy for achieving the desired level of CMMC compliance.

In addition to performing a Readiness Assessment, MorganFranklin offers support to organizations looking to carry out their CMMC Roadmaps. MorganFranklin has deep expertise in selecting and deploying solutions to meet compliance requirements, and our Managed Security Services offerings help fill an organization’s security gaps.

The MorganFranklin Way™

MorganFranklin’s approach to cybersecurity strategy and GRC solutions allows our consultants to better protect your organization’s brand against threats of all kinds. We’ll tackle the broader issues associated with corporate governance, enterprise risk management, and corporate compliance with a simple, structured approach.

By aligning with your business objectives, you’ll reap benefits such as:

  • Improved decision-making
  • Optimal IT investments
  • Reduced fragmentation with the elimination of silos

You may have a thorough understanding of the need for a GRC strategy, but you may not have the team or resources to implement internally. MorganFranklin can connect you with one of our GRC experts to create a business-aligned strategy that improves your GRC and overarching cyber security decision-making abilities. From security strategy, planning, budgeting and delivery, our consultants have a strong background in IT leadership and organization design. Whether you need part-time, interim or fully outsourced help, MorganFranklin is your trusted source to define and implement an effective GRC strategy.


We are experienced, engaged professionals that are highly energetic and motivated to work in challenging, high stakes environments.