Engagement
End-to-end CMMC Level 2 accreditation journey spanning early adoption, advisory services, and full certification readiness through real-world implementation and audit execution.
Industry
Cybersecurity Compliance & Defense Contracting (CMMC / NIST 800-171)
Scope of Work
Policy development, risk assessments, vulnerability management, tabletop exercises, audit preparation, and evidence organization aligned to CMMC Level 2 requirements.
Accreditation Milestone
Successfully achieved CMMC Level 2 certification in 2026 following mock assessments, final rule alignment, and third-party audit readiness validation.
Timeline
2019–2026 journey from early CMMC adoption and RP certification through multi-year preparation, culminating in successful Level 2 accreditation.

This engagement was driven by a long-term commitment to mastering CMMC and delivering real-world compliance outcomes.

Beginning in 2019, Jon Brown identified the Cybersecurity Maturity Model Certification (CMMC) as a critical shift for organizations supporting the Department of Defense. Early efforts focused on understanding the framework and its foundation in NIST 800-171, recognizing that compliance would soon become a baseline requirement rather than a competitive advantage.

In 2020, Jon achieved CMMC Registered Practitioner (RP) certification and began working directly with organizations navigating early-stage compliance. Initial engagements included gap assessments, policy alignment, and readiness planning, helping teams translate complex requirements into actionable steps while preparing for future audits.

From 2021 through 2024, the focus shifted to full-scale implementation. This included developing tailored policies and procedures, conducting risk assessments, building vulnerability management programs, and leading incident response tabletop exercises. During this phase, Jon refined a repeatable approach centered on evidence, execution, and audit readiness rather than documentation alone.

Following the release of the CMMC Final Rule and completion of mock assessments, this multi-year effort culminated in achieving CMMC Level 2 certification in 2026—demonstrating end-to-end capability across preparation, audit execution, and post-assessment validation.

A historical view of my CMMC journey over time

Achieved CMMC Level 2 Certification
Successfully completed a third-party aligned audit process, demonstrating full compliance with CMMC Level 2 and NIST 800-171 requirements.
CMMC Final Rule & Mock Assessment
Aligned controls and documentation to the final rule, conducted mock assessments, and validated audit readiness including evidence traceability and control testing.
Implementation & Program Maturity
Built and operationalized full compliance programs including policies, risk assessments, vulnerability management, and incident response tabletop exercises.
CMMC 2.0 Industry Shift
Transitioned from CMMC 1.0 to 2.0, aligning methodologies directly to NIST 800-171 and focusing on practical control implementation and audit readiness.
CMMC RP Certification & Early Services
Achieved Registered Practitioner certification and began delivering gap assessments, policy alignment, and early-stage compliance advisory services.
Early CMMC Adoption & Research
Began researching CMMC and NIST 800-171, identifying early the importance of compliance for defense contractors and positioning ahead of industry adoption.

Insights from Jon Brown, CMMC Registered Practitioner

"CMMC isn’t about passing an audit—it’s about building a program that stands up to scrutiny. The organizations that succeed are the ones that prioritize execution, clear evidence, and operational maturity over documentation alone."