Edwards & CMMC   |  Training & Education   |   Consulting & Assessments   |   CMMC FAQ

Edwards & The CMMC Ecosystem

Edwards plays a role in nearly every aspect of the Cybersecurity Maturity Model Certification (CMMC) ecosystem including training, consulting, assessments, and certification. Edwards supports Organizations Seeking Assessment (OSA) and Organizations Seeking Certification (OSC) as a Registered Practitioner Organization (RPO) and an authorized CMMC Third Party Assessment Organization (C3PAO), providing The Cyber AB approved assessments, consulting, and audit preparation. We are also an Approved Training Provider (ATP) and an Approved Partner Publisher (APP), developing training and delivering The Cyber AB certified classes to organizations and individuals preparing for certification exams or using APP curriculum. 

Our cybersecurity experts bring more than 50 years of combined experience assessing and interpreting standards, guidelines, and best practices to strengthen cybersecurity programs. This depth of knowledge makes Edwards a trusted choice for your CMMC needs.

Schedule A Meeting

Assessments

Edwards is an Authorized CMMC Third-Party Assessment Organization (C3PAO) with Certified CMMC Assessors on staff, ready to support your formal CMMC assessment. Contact Info@EdwPS.com today!

Consulting

Edwards is an RPO, but more importantly, our consultants are also CMMC Provisional Assessors. In fact, many of our consultants teach our CCP classes and developed our curriculum. Learn more.

Education

As an APP, Edwards developed the curriculum to train the assessment community using cybersecurity SMEs and ISDs. Our courses prepare individuals to do the job an OSC expects when they hire a CMMC Professional.

 

Training

As an ATP, Edwards uses our own renowned curriculum to train members of the OSC team, consultants, supporting organizations (e.g., MSPs), and of course the assessors themselves. View our courses.

 

CMMC QUICKFACTS

  • CMMC draws from NIST SP 800-171 Revision 2, as well as standards from the DoD and the international security community; the framework focuses on implementing these NIST SP 800-171 Rev 2 security safeguards for Controlled Unclassified Information (CUI)
  • CMMC requirements scale by level, based on the contract and sensitivity of the data, and organizations must fully meet all requirements for the level assigned
  • CMMC requirements are now codified in 48 CFR, with the Final Rule published September 10, 2025. The phased rollout begins November 10, 2025, making CMMC clauses enforceable in new DoD contracts
  • CMMC includes the entire DoD industrial base – approximately 300,000 contractors and subcontractors
  • Authorized Approved Partner Publishers (APPs) and Approved Training Providers (ATPs) offer certified training programs for organizations and individuals seeking to prepare for CMMC compliance

What is CMMC 2.0?

The Cybersecurity Maturity Model Certification (CMMC) is a unified standard for implementing cybersecurity across the defense industrial base. While the CMMC Standard was created for the Defense Supply Chain, there are many other government agencies and allies of the United States interested in using the CMMC Standard.

The standard is overseen by The Cyber AB. The Cyber AB establishes and oversees a qualified, trained, and high-fidelity community of consultants and assessors who can deliver consistent and informative assessments to participating organizations against a defined set of controls/best practices within the CMMC Program. The CMMC Model itself is created and managed by both The Cyber AB and the DoD.

CMMC is designed to

  • Safeguard sensitive information to enable and protect the warfighter
  • Dynamically enhance DIB cybersecurity to meet evolving threats
  • Ensure accountability while minimizing barriers to compliance with DoD requirements
  • Contribute toward instilling a collaborative culture of cybersecurity and cyber resilience
  • Maintain public trust through high professional and ethical standards

The CMMC Framework

The Cybersecurity Maturity Model Certification (CMMC) consolidates various cybersecurity standards and best practices, mapping these controls and processes across three certification levels that range from basic cyber hygiene to advanced practices. The level of certification an organization requires is determined by the type of information they handle and the work they are bidding on.

With CMMC now finalized under Title 48 CFR, requirements will begin appearing in Department of Defense contracts starting November 10, 2025. Preparing for compliance is more critical than ever, as demand for assessments will be high and failing to demonstrate readiness could delay or block contract awards. CMMC compliance is now a go or no-go decision at the time of award.

CMMC Success Story

How Harkins Builders Simplified CMMC Certification

Harkins Builders partnered with Edwards Performance Solutions to navigate the complexities of CMMC compliance. Through expert guidance, strategic tools, and collaborative planning, they achieved a streamlined path to certification.

Read the Full Story

CMMC EDUCATION & CERTIFICATION

Working towards self attestation or formal CMMC certification can be a daunting task for any organization. This is where training and education make a significant difference in understanding the CMMC framework, applying best practices, and protecting sensitive information. A solid comprehension of the legal and regulatory guidance related to the Department of Defense (DoD) cybersecurity requirements is critical for success.

As The Cyber AB’s Approved Partner Publisher (APP) and Approved Training Provider (ATP), Edwards produces high quality CMMC training materials for other ATPs and Organizations Seeking Assessment (OSA) / Organizations Seeking Certification (OSC).

The Cyber AB’s Approved Training Materials (CATM) are developed by internal and external CMMC experts, combining real world NIST assessment and consulting experience. Our sought after CMMC courses and boot camps are led by Certified CMMC Instructors, respected leaders in the CMMC training ecosystem. Edwards’ instructional design approach, refined over 25+ years, ensures our curricula consistently set the standard for quality and professionalism.

Our online CMMC courses and accompanying materials are created and delivered by industry leaders. For those who prefer flexibility, our Guided Learning option combines self paced study modules with live instructor led study sessions, offering accessible ways to develop CMMC expertise. Additionally, we provide customized training solutions and discounts for multiple seat purchases—contact us to learn more.

The Cyber AB COURSES ARE IN Session!

Your CMMC certification journey begins with a solid foundation. The Cyber AB-approved 5-day CCP course and the Guided Learning CCP course provide a comprehensive look at the CMMC framework, preparing participants to excel as CMMC assessors, implementers, or consultants. With instruction led by our team of experienced Certified CMMC Instructors, participants gain a well-rounded understanding of CMMC standards and best practices.

Building on the CCP foundation, the 5-day CCA course deepens your knowledge of the CMMC model by taking the perspective of an actual assessment. Through multiple OSC scenarios that vary in size, locations, and system configurations (on-premises vs. hybrid), this course prepares participants for the CCA exam and equips them to contribute effectively to a C3PAO assessment team or to guide an organization through a successful Level 2 CMMC assessment.

Enroll in a session today or contact us to book a private class!

VIEW CURRENT COURSES

CMMC CONSULTING & ASSESSMENTS

To work with the government, organizations must self attest to NIST SP 800-171 Rev 2 safeguards at CMMC Level 1 for Federal Contract Information (FCI), or meet Level 2 requirements for Controlled Unclassified Information (CUI) through self attestation (if allowed by contract) or an independent assessment by a Certified Third Party Assessment Organization (C3PAO). Many organizations, however, are unsure where to begin. The Cyber AB created the Registered Provider Organization (RPO) designation to help Organizations Seeking Assessment (OSA) / Organizations Seeking Certification (OSC) select consultants with verified expertise and knowledge of CMMC concepts. For official CMMC assessments, only C3PAOs are authorized to certify compliance with Level 2 requirements. If a government contract requires Level 3, a C3PAO assessment for Level 2 compliance is required prior to a DIBCAC Level 3 assessment.

As both an RPO and a C3PAO, Edwards provides advisory CMMC Level 1 and Level 2 consulting services, including readiness assessments to develop a tailored CMMC action plan. While OSA/OSC organizations can work with an RPO or C3PAO to prepare for certification, the same C3PAO cannot be engaged for both readiness consulting and the official CMMC assessment. All verified RPOs and C3PAOs are listed on The Cyber AB Marketplace. At Edwards, our mission is to guide DoD suppliers toward successful CMMC certification and support the CMMC maturity levels defined by The Cyber AB

Our team of cybersecurity experts brings over 50 years of combined experience in assessing and interpreting standards, guidelines, and best practices to improve cybersecurity programs. Edwards has conducted NIST SP 800-171 Rev 2 assessments since 2015 and was an early entrant into the CMMC program ecosystem. We are here to assist you every step of the way on your CMMC journey.

CMMC PREPARATION

Our targeted yet straightforward approach delivers big results while respecting your budget, timeline, and the needs of your key stakeholders. Each engagement is customized to fit your business requirements. We partner with you to ensure readiness for the formal CMMC assessment process. Where weaknesses or gaps are identified, we develop goal-oriented, impactful action plans that support compliance while driving positive outcomes for your organization.

Currently, Edwards offers CMMC Level 1 readiness assessments, helping organizations calculate their Supplier Performance Risk System (SPRS) score by evaluating their systems against the NIST SP 800-171 Rev 2 framework. We also provide CMMC Level 2 readiness or mock assessments, designed to help organizations prepare for the certification process.

Discover Edwards Performance Solutions

Tailored Expertise. Comprehensive Support.

Our consulting services include:

  • Data Flow Diagramming
  • Scoping
  • Full-Scale Gap Assessments
  • Remediation Planning and Road Mapping (i.e., POAMs)
  • Remediation Support

As the DoD releases additional guidance, Edwards continues to expand our service offerings to meet the evolving needs of the CMMC ecosystem. Contact us for more information and to learn how we can support your CMMC journey.

Let's Chat

- or -

CALL 443.561.1334

This website uses cookies to support site functionality and improve user experience. By selecting Accept, you consent to the use of cookies in accordance with our Terms & Conditions and Privacy Policy. © Edwards Performance Solutions 2026

Accept & Close
Accept Only Essential