NIST SP800-171 & CMMC

The US Department of Defense (DoD) has established a cybersecurity assurance process for its supply chain, requiring all of its suppliers and sub-suppliers (the Defense Industrial Base) to provide adequate assurance of their “Cybersecurity Posture”.

  • From 2021, all contracts, including those already in place, will include the obligation to comply with NIST SP800-171 Rev.2. Also starting from 2021, some new RFQs will require the supplier to be certified under the new Cybersecurity Maturity Model Certification (CMMC), and from 2025 all RFQs will require CMMC certification in order to bid on a new defence contract.
  • The CMMC is built on the NIST SP800-171 standard: CMMC Level 3 corresponds to full compliance with NIST SP800-171, as required by DFARS clause 252.204-7019, plus 20 additional security practices.
  • Gerico Security supports Italian and European companies in reaching compliance with NIST SP800-171 and subsequently obtaining CMMC certification, at Level 1 or Level 3, by guiding them through the assessment of their own “Security Posture”, the identification of the actions needed to meet the DoD requirements, and then the certification process itself.
A new frontier in Cybersecurity certifications

Gerico Security is the Italian focal point for the CMMC (Cybersecurity Maturity Model Certification), guiding Italian defence companies through the NIST SP800-171 requirements.


Gerico Security srl, having signed MoUs with CMMC-CoE (USA) and CMMC-EU (UK), acts as the Italian focal point for the CMMC (Cybersecurity Maturity Model Certification) and NIST SP800-171 for the Italian defence companies that are part of the Defense Industrial Base (DIB) of the United States DoD.


There are no boundaries in cyberspace, and so Giustino Fumagalli of Gerico Security has joined the U.S. CMMC-CoE Advisory Board, working to build bridges between the two sides of the Atlantic.


In the light of increasingly sophisticated threats and attacks, cybersecurity demands greater attention to effective corporate governance and a high level of expertise. As Gerico Security’s specialists in information security governance, we believe that the CMMC model will become the main cybersecurity standard in the coming years, not only for the defence sector but also for the wider B2B market and for the provision of services to public administration.

For further details, please download the signed MoU: