Phy-Cy.X Security Group, LLC become the second CMMC RPO in Wichita, Kansas.

UPDATE: As CMMC progresses on, effective Nov 30, 2020 an interim DFARS rule is being integrated where all DOD contractors whom currently self attest to NIST 800-171 will need to have a BASIC assessment conducted and score provided to the Supplier Performance Risk System in order to remain eligible for contract awards. Call us today to see how we can help you conduct a NIST assessment utilizing the Assessment Methodology to generate your score and post to the SPRS.


Are you a DoD contractor, sub-contractor, or sell products utilized in defense programs? If so, are you ready for CMMC? The Department of Defense has updated and released CMMC Version 1.02, 8 March 2020. All those who supply products to the DoD must comply and be certified under CMMC to be awarded new contracts and for some, to maintain ones already awarded. Fortunately, Phy-Cy.X is here to assist as we offer our consulting, managed services and assessment (not CMMC certification assessments) offerings to tackle this endeavor through the utilization NIST 800-171. Additionally, Phy-Cy.X is in the application process for Registered Provider Organization status ensuring we remain the resident experts on CMMC subject matter for our fellow organizations whom desire compliance assistance! NOTE: CMMC AB does not allow for both support and audit by the same organization in the event Phy-Cy.X obtains C3PAO status in the future.

CMMC levels (1-5)

Level 1 requires only practice (technical) activities, while Levels 2 – 5 contain both practice and process (documentation) requirements. In total there are 17 domains consisting of 17 line items for Level 1 up to 171 line items for Level 5. If you plan on certifying at Level 1 it may be beneficial to build a program that meets Level 2 requirements in the event your organization believes that certification at Level 3 may be required at a future date. Contact us today to see what program best suites your needs!

Level 1 – Focuses on basic cyber hygiene as specified within 48 CFR 52.204-21. No process requirement.

Level 2 – Focuses on intermediate cyber hygiene. Standard operating procedures, policies and plans are established.

Level 3 – Focuses on good cyber hygiene that meets NIST SP 800-171 Rev 1. Review of adherence to policy and procedures and adequate resources.

Level 4 – Substantial and proactive cybersecurity program. Review for effectiveness and informs management of issues.

Level 5 – Ability to optimize capabilities to repel advanced persistent threats (APT). Standardization across all organizational units and improvements shared.