The Cybersecurity Maturity Model Certification (CMMC) will affect all businesses in all industries that engage with a U.S. federal agency. Level 1 of CMMC requires 59 practices to be achieved; Level 2 of CMMC requires 320 practices.  These practices are based on the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171. Depending on the type of documentation you possess (i.e., Federal Contract Information (FCI), Controlled Unclassified Information (CUI), Covered Defense Information (CDI), etc) will dictate which CMMC level you must achieve.

These requirements have been in place since December 31, 2017, but starting October 1, 2025, businesses will need to be certified or attest that they meet the needed requirements. Epley Consulting LLC can assist you to understand your obligations with CMMC and work with you to prepare for the CMMC assessment.

Only trust providers who have been designated by the CMMC-Accreditation Body who are listed in the CMMC Marketplace. Wendy Epley is a CMMC-Registered Practitioner and Certified CMMC Professional (candidate).  See her profile on the CMMC Marketplace at

Feeling Overwhelmed With Where To Begin?

Contact us for a free consultation. We'll help you think things through.