CMMC 2.0: Partnership

VXE is currently a candidate to become a CMMC 2.0 Third-party Assessment Organization (C3PAO), which entails a rigorous series of requirements to become acknowledged by the CMMC Accreditation authority, to provide CMMC 2.0 Certification Services. 



Established CMMC 2.0

Title 48 CFR – 204.75

Key Takeaways

The contracting officer shall include in the solicitation the required CMMC level, if provided by the requiring activity. Contracting officers shall not award a contract, task order, or delivery order to an offeror that does not have a current (i.e., not more than 3 years old) CMMC certificate at the level required by the solicitation.

DIB CTR Requirements

Title 48 CFR – 252.204.7021

Key Takeaways

(b) Requirements: The Contractor shall have a current (i.e. not older than 3 years) CMMC certificate at the CMMC level required by this contract and maintain the CMMC certificate at the required level for the duration of the contract.
(c) Subcontracts: The Contractor shall: Prior to awarding to a subcontractor, ensure that the subcontractor has a current (i.e., not older than 3 years) CMMC certificate at the CMMC level that is appropriate for the information that is being flowed down to the subcontractor.


The ‘Secret’ Sauce

Cybersecurity Engineers & Analysts assess, build, manage, connect, and report on all of our client’s Cybersecurity functions.

VXE employs industry-recognized experts & Cyber AB CMMC 2.0 certified professionals to streamline your organization’s Cyber needs and become CMMC certified.

Our partnership with Apptega allows VXE to boost efficiency by 50%* by leveraging Harmony: an Intelligent Framework Crosswalk tool to automatically map “answered” security controls in one framework, to their “common relatives” in another.


Mitigation & Remediation

  • Leveraging Apptega, VXE addresses all applicable security objectives, derived from scoping the network & corresponding CMMC maturity level, required for your business.
  • Each objective will be implemented with CyberAB’s assessment objects & methods in mind, while ensuring VXE’s efforts are both precise & lightweight, limiting impact to business operations.

Auditing & Certification

The CMMC Ecosystem is comprised of four roles:

  1. Defense Industry Base (DIB) Contractors
  2. Consultants & Implementation
  3. Assessing & Certification
  4. Training & Instructors

CMMC 2.0 as a Service

  • Achieving CMMC 2.0 certification is challenging all on its own, “sleeping” on maintenance and sustainment and assuming you have a “3-year vacation” before readdressing CMMC, is a recipe for disaster.
  • VXE is your vanguard for the 1st half of the battle and your agent for the 2nd half, by actively maintaining your security posture up to date and in the hands of VXE experts.

The President of the United States, through EO 14028: Improving the Nation’s Cybersecurity, has instructed DFARS to implement contractual requirements for protecting sensitive information (FCI & CUI).

Contact Us

Want to Partner with VXE for CMMC 2.0?

Fill out the contact form below and we’ll get in touch with you!

Please enable JavaScript in your browser to complete this form.