We’ve made understanding DFARS and CMMC our job, so you can focus on yours.

Defense contractors possessing controlled data are subject to the Defense Federal Acquisition Regulation Supplement (DFARS). This requires building a cybersecurity program to implement the DFARS requirements, as well as the NIST Special Publication 800-171 requirements.

Moving forward in 2021 and into 2022, the Department of Defense is augmenting the DFARS with a more robust certification-driven program called the Cybersecurity Maturity Model Certification (CMMC). In this new program, contractors will be required to achieve a certification of cybersecurity maturity at specific levels. These certifications introduce a new third-party certification structure, that will put defense contractors in front of third-party assessors, who will verify the required maturity levels have been reached. As of December 2020, the CMMC program is piloting a rollout to select contracts.

Contractors with the current DFARS clause in contracts should continue focusing on implementing NIST SP 800-171 and the other DFARS requirements, while building a plan for eventual CMMC certification. It’s important to note that the requirements of DFARS, including NIST 800-171 and CMMC, take significant time (up to 12 months) and investment to fully implement.

Sentinel Blue is a trusted partner that helps defense organizations build the cybersecurity maturity required to meet the rigorous standards through our Sentinel Shield program. Our team have been involved in the DFARS effort since the original push of NIST SP 800-171, and maintain a daily awareness of the CMMC. Sentinel Blue is a CMMC 3rd Party Assessment Organization (C3PAO) with the CyberAB.

You can view our C3PAO profile page here: https://sblu.us/c3pao


Our team consists of former defense industry insiders; we’ve implemented the standards. We know the industry, we know your business.


We’re your trusted partner. Our team will take control and take responsibility to oversee a successful compliance program.


The first step is knowing where we’re at. Our team can provide both lightweight and robust  assessments to give you actionable information.


We bring deep technical capabilities to support your program. Our services are built to meet the requirements and scale to your organization.


Our solutions have been vetted by industry and the cybersecurity community; there’s no secret sauce, just best in class solutions and capabilities.


Our engagements don’t end when we finish implementing. We’re with you all the way. We sit next to our partners during their certification cycle.

Ready to get DFARS compliant?