top of page
Welcome to AXIOTROP, Your CMMC Partner
Cybersecurity Maturity Model Certification (CMMC)
CMMC is essential for businesses seeking to participate in DoW contracts, ensuring that they are capable of protecting United States national defense information and defending against cyber threats and maintaining the highest standards of information security.
By achieving CMMC, companies not only comply with DoW requirements but also demonstrate their commitment to national security, maintaining the integrity of the supply chain, and protecting our war fighters.
CMMC History
2010
-
Executive Order (EO) 13556, "Controlled Unclassified Information" (CUI) program established.
CMMC 2.0
The CMMC 2.0 model has been streamlined to three levels, aligning its requirements with the NIST SP 800-171 and NIST SP 800-172 standards.
The assessment process has been revised, with limited use of Plans of Action and Milestones (POA&Ms) and time-bound waivers requiring senior DoW approval.
Level 1 DIB contractors are allowed to self-assess their cybersecurity programs and provide an attestation to the DoW.
Most Level 2 and all Level 3 DIB contractors are required to obtain a third party assessment of their cybersecurity program.
AXIOTROP Webinars
AXIOTROP has had the opportunity to participate in these insightful webinars, providing valuable knowledge and engaging with industry experts. Explore the webinars and discover key takeaways that will support your CMMC journey!
Included below is a webinar series dedicated to CMMC education. Hosted by RIMA, featuring AXIOTROP
CMMC Client Testimonials
AXIOTROP Blogs
Phase 1 is Here: CMMC Compliance is Now a Mandatory Checkpoint
The Department of War (DoW) has finalized the acquisition rule in Title 48 of the Code of Federal Regulations (CFR), cementing CMMC as an immediate contract requirement. This swift regulatory action, demonstrated by the Office of Information and Regulatory Affairs (OIRA) clearing the rule in just 34 days, underscores the government’s urgency regarding cybersecurity in the defense supply chain. For organizations seeking to protect sensitive data, the timeframe is extremely ti
clairekelley0
Nov 6, 2025
The CMMC Readiness Reality
The debate over whether the Cybersecurity Maturity Model Certification (CMMC) will show up in defense contracts is officially over. With the Title 48 final rule published and taking effect November 10, 2025, it requires your immediate attention. If you wait until you see CMMC requirements in solicitations, you have waited too long. Organizations must now align their CMMC preparation with the reality of the implementation phases and their appropriate level. The CMMC Level 2
clairekelley0
Oct 22, 2025
What is the POA&M Process for Final CMMC Certification?
If an Organization Seeking Certification (OSC) has met most, but not all, security requirements, it may be eligible for a Conditional Certificate of CMMC Status. This is possible if the unmet requirements are documented on an existing and valid POA&M that complies with the regulations in 32 CFR §170.21. However, if an OSC has unmet security requirements and a valid POA&M is not attainable, the C3PAO will recommend that no certificate be issued. The details of how POA&Ms work
clairekelley0
Sep 17, 2025
How CMMC Level 2 Certification Strengthens Your Place as a Trusted Partner
For companies in the Defense Industrial Base (DIB), achieving CMMC Level 2 certification is more than a compliance milestone. Now more...
clairekelley0
Aug 22, 2025
Proactive CMMC Compliance for the DoD Supply Chain
A common misconception among many at the lower end of the Defense Industrial Base (DIB) supply chain is the assumption that the...
clairekelley0
Jul 31, 2025
The CMMC Countdown is Over: What Every DoD Contractor Needs to Know NOW
As CMMC Assessors, we have been closely watching the Cybersecurity Maturity Model Certification (CMMC) journey, offering guidance, dispelling myths, and preparing the defense industrial base for the inevitable. Today, we bring you news of monumental significance that confirms what we have stressed for years: CMMC is no longer a distant threat; it is an immediate reality for your DoD contracts. The big reveal, the one we have all been anticipating, happened on July 22nd, 2025
clairekelley0
Jul 29, 2025
Understanding Identification & Authentication
In today’s increasingly digital business environment, cybersecurity can no longer be delegated solely to the IT department—especially...
clairekelley0
Apr 22, 2025
Nick Garvey
Apr 17, 2025
Nick Garvey
Apr 17, 2025
Nick Garvey
Apr 17, 2025
Nick Garvey
Apr 17, 2025
Securing Business Success with System & Information Integrity Domain
In today’s fast-paced digital landscape, cyber threats evolve at an unprecedented rate. Ensuring the security and reliability of your...
clairekelley0
Apr 8, 2025
Understanding the Critical Role of Communications Protection in Safeguarding
In today’s digital age, communication protection isn’t just a technical necessity, it’s a business imperative. For organizations dealing...
clairekelley0
Apr 1, 2025
Stop Procrastinating – Essential CMMC Awareness Workshop
Stop Procrastinating – Essential CMMC Awareness Workshop
Nick Garvey
Mar 12, 2025
CMMC Is Taking Effect: What DoD Contractors Can Expect in 2025
Hosted by Virtru & Axiotrop Date: November 19, 2024 11 AM – 12 PM Moderator: Andrew Lynch, Virtru Panelists: Joe Devine, CEO, Axiotrop Webinar Recording Virtru
Nick Garvey
Mar 12, 2025
Understanding Personnel Security in NIST SP 800-171r2
When it comes to protecting sensitive information, NIST SP 800-171r2 requires we provide security around the people accessing your...
clairekelley0
Jan 27, 2025
CMMC Budgeting 101: What Every Defense Contractor Should Know
As cybersecurity becomes more important for businesses handling defense contracts, understanding the Cybersecurity Maturity Model...
clairekelley0
Jan 7, 2025
CMMC – a long time in the making…
The journey to secure our nation’s military secrets, specifically controlled unclassified information (CUI) has been anything but swift.
clairekelley0
Dec 10, 2024
Virtru's CMMC Compass Series Webinar features Joe Devine
On November 19, Joe Devine, President of Axiotrop, and Andrew Lynch, Vice President of Sales at Virtru discussed the final updates to...
clairekelley0
Dec 3, 2024
AXIOTROP Celebrates Winning PBN 2024 Manufacturing Awards
We’re excited to share that AXIOTROP was honored at the Providence Business News (PBN) 2024 Manufacturing Awards! We won in the...
clairekelley0
Nov 21, 2024
The Hidden Risks of Inflated SPRS Scores, Why Accuracy Matters for Government Contracts
Getting an accurate Supplier Performance Risk System (SPRS) score is essential for companies aiming to secure government contracts....
clairekelley0
Nov 12, 2024
Boosting Your SPRS Score: Key Steps to Strengthen Cybersecurity Compliance and Win Contracts
In the last blog we walked through the process of posting your SPRS score. But before you can post it you need to accurately determine...
clairekelley0
Nov 5, 2024
Decoding SPRS Scores for Compliance for Defense Contractors
For government contractors, particularly those in the defense industry, navigating the world of cybersecurity compliance can feel like a...
clairekelley0
Oct 29, 2024
Understanding DOD CMMC Level 2 vs. Level 1
If your company works with the Department of Defense (DoD), you’ve probably heard of the Cybersecurity Maturity Model Certification...
clairekelley0
Oct 22, 2024
DIB Rulemaking Update (Q4)
The CMMC 2.0 Final Rule is moving toward final publication. Today, October 15, 2024, Title 32 Part 170 was published by the Department of...
Joe Devine
Oct 15, 2024
Understanding the CMMC Rules: What’s the Difference Between Title 32 and Title 48?
During the CMMC rulemaking process, the DoD has been crafting two separate but co-dependent Code of Federal Regulations (CFR) titles....
clairekelley0
Oct 8, 2024
Revenue hit from a cyber breach - don’t let this happen to you!
In August 2023, Clorox Corp, the large consumer products company experienced a breach of their production systems. The resulting...
clairekelley0
Oct 1, 2024
Cyber Hijacking of a Yogurt Shipment - What Next???
Hackers are becoming more creative by the day as they breach companies seeking financial gains or for other malicious reasons. The Wall...
Joe Devine
Sep 10, 2024
DIB Rulemaking Update (Q2)
The wheels of government may turn slowly, but they are turning and in the last few months we have a lot of movement to report concerning...
Joe Devine
May 15, 2024
Trade & Transportation Cybersecurity Survey – Insights and Recommendations
In Summer 2023, we surveyed about 30 trade and transportation executives regarding cybersecurity. Here’s what they told us: Just over...
Joe Devine
Apr 9, 2024
Breaches Increase Despite Greater Cybersecurity Spending - Why?
Breaches increased almost 80% from 2022 while in 2023, global cybersecurity spending reached almost $200 billion. Business leaders are...
Joe Devine
Apr 2, 2024
Public Comment Period Ending soon for CMMC 2.0
The Department of Defense (DoD) published the CMMC 2.0 Proposed Rule on December 26th. This kicked off a 60 day “public commenting...
Joe Devine
Feb 20, 2024
What is a Cybersecurity Assessment and Why Should You Get One?
Cybersecurity risk assessments assist organizations in understanding the cyber risks to their operations (e.g., mission, functions,...
Joe Devine
Nov 7, 2023
Cybersecurity Talent – Another Reason to Outsource / Partner with a Highly Qualified Cybersecurity &
It’s so difficult for most MSPs to attract and retain highly qualified professionals in this highly specialized field. Most MSPs cannot...
Joe Devine
Apr 25, 2023
CTPAT Added Cybersecurity Criteria to Their Minimum Security Criteria - What Now?
Since the United States Customs and Border Protection's Trade Partnership Against Terrorism (CTPAT) added cybersecurity criteria to their...
Joe Devine
Apr 11, 2023
Implications of the National Cybersecurity Strategy for SMB’s
With deepening dependencies on digital technologies by industry and public sector entities and increasing software-systems complexity,...
Joe Devine
Apr 6, 2023
Why it’s Time to Complete an Independent Cybersecurity Assessment
Cybersecurity attacks are increasing but the threat landscape in shifting. According to a World Economic Forum February 2023 article,...
Joe Devine
Mar 21, 2023
Enterprise Risk Management and Cybersecurity - A Growing Challenge
Most companies were unprepared for the 2020 pandemic and the continued effects that rippled through economies around the world. While...
Joe Devine
Mar 7, 2023
Why should an MSP consider partnering with a Cybersecurity & Compliance Firm?
If your clients haven’t asked you about their cybersecurity posture yet, chances are – they will. And yet, establishing and leading a...
Joe Devine
Feb 21, 2023
eCommerce and Cybersecurity - a Risky Mixture?
Since the early 1990’s, eCommerce has greatly assisted procurement, payments and other activities. For consumers, this has broadened...
Joe Devine
Feb 7, 2023
The Cybersecurity Talent Gap is Widening - Is “Renting” Your Best Alternative?
As we all know, the threat landscape is worsening. While cybersecurity budgets at many companies are increasing but finding talent is...
Joe Devine
Jan 24, 2023
CMMC 2.0 Is on Its Way - Here's What You Need to Know
We get lots of questions about when CMMC 2.0 will be complete. The Department of Defense (DOD) has been in rulemaking for over a year,...
Joe Devine
Dec 22, 2022
AXIOTROP Attains CMMC Certification for Second Year
AXIOTROP is re-certified by The Cyber AB for 2023 as a Registered Practitioner Organization (RPO) as it relates to CMMC implementation....
Joe Devine
Dec 9, 2022
Strengthening your Cybersecurity Shouldn’t be a Cash Drain
The threat of a breach is forever present and increasing, as we all know from daily media reports. This isn’t surprising; we live in a...
Joe Devine
Dec 6, 2022
The Key to MSP Growth in 2023? Cybersecurity Expertise
The managed service provider (MSP) sector is forecasted to experience considerable long-term growth (CAGR of 13.4% from 2022 to 2030) as...
Joe Devine
Nov 15, 2022
What is NIST? Why use the NIST Cyber Security Framework?
A Short History Many people haven’t heard of NIST. The National Institute of Standards and Technology (NIST) was founded in 1901 and is...
Joe Devine
Nov 8, 2022
Strengthening Cybersecurity for Competitive Advantage
Breaches are increasing for companies of all sizes and industries since the number and sophistication of hackers has increased. Indeed,...
Joe Devine
Nov 1, 2022
Why AXIOTROP?
People often ask me why I created AXIOTROP. As the saying goes, good things come in threes – as do my reasons for starting this company:...
Joe Devine
Oct 25, 2022
bottom of page