SteelToad is among the first of an elite group as an authorized C3PAO and CMMC Provisional Assessors to assist companies with CMMC assessments. CMMC is a unified cybersecurity standard for future DoD acquisitions developed to secure the United States’ defense supply chain (DSC).

Be Ready for CMMC:

CMMC certifications are not currently available by the CMMC-AB . However, according to the CMMC Accreditation Body: “…offering pre-assessments or consulting using the most current draft of the standard is acceptable and encouraged.” (

SteelToad has successfully completed many CMMC gap assessments for fixed-price engagements.  We are CMMC Provisional Assessors and CMMC Registered Practitioners.  SteelToad is providing approved CMMC ML1, ML2 and ML3 gap assessments. 

SteelToad is providing fixed-price CMMC pre-assessments with excellent customer references. Our experience includes performing pre-assessments (gap analysis) and CMMC (level 4 -156 Security practices and level 3 -130 practices) gap assessment for organizations. This experience makes us a valuable partner, particularly for the integration of CMMC with CMMI and ISO standards across a range of environments. 

SteelToad is Authorized to Provide CMMC Provisional Assessments 

Provisional gap assessments for CMMC ML 1, ML2 and ML3. See:

Why consider an early CMMC process review?

SteelToad provides you with “action plans” to use, in effort to prioritize CMMC improvements.  We provide your organization with CMMC assessment reports to identify security domain practices where you have strengths and weaknesses to target for improvement.