Cybersecurity Maturity Model (CMMC) Advisory And Assessment

Get CMMC Compliant

Using automated systems, process, controls with prepared forms and templates we make this process clear, straightforward and accountable with results to meet your CMMC compliance requirements.

Now as a candidate Certified Third Party Assessment Organization (C3PAO), Cyberleaf's Provisional Assessors will be able to complete your CMMC assessment.
Two professionals look at a laptop together with computing machines in the background

What Are CMMC, RPO, And C3PAO?

Cybersecurity Maturity Model Certification (CMMC) Compliance

The Cybersecurity Maturity Model Certification, introduced by the Department of Defense (DoD) in 2019, requires suppliers and contractors to pass a third-party audit of their cybersecurity readiness or risk losing their ability to compete for and deliver on certain DOD contracts. When fully operational, the CMMC would be mandatory for all entities doing business with the DoD at any level, including flowdown provisions to lower tier contractors.

 All contractors and suppliers, primes and subs are required to:

  • Establish protocols to protect Controlled Unclassified Information (CUI), Federal Contract Information (FCI), and other data, network, and systems of the Defense Industrial Base (DIB) sector. 

  • Meet one of the CMMC trust levels and 

  • Demonstrate that cybersecurity has been sufficiently implemented through the completion of independent validation activities. 

In November 2021, the Department announced “CMMC 2.0,” an updated program structure and requirements designed to achieve the primary goals of the internal review:

  • Safeguard sensitive information to enable and protect the warfighter

  • Dynamically enhance DIB cybersecurity to meet evolving threats

  • Ensure accountability while minimizing barriers to compliance with DoD requirements

  • Contribute towards instilling a collaborative culture of cybersecurity and cyber resilience

  • Maintain public trust through high professional and ethical standards

With its streamlined requirements, CMMC 2.0 aimed to cut red tape for small and medium sized businesses, set priorities for protecting DoD information, and reinforce cooperation between the DoD and industry in addressing evolving cyber threats.

CMMC 2.0 requires contractors to meet one of three compliance levels:

Chart illustrating CMMC compliance levels for CMMC 2.0

Advisory Services: CMMC-AB Registered Provider Organization

With Registered Practitioners on staff, Cyberleaf has the necessary certifications, resources, and cybersecurity expertise to enable you to successfully prepare for your CMMC Compliance Assessment. Our staff can guide your team through:

Understanding CMMC Requirements
Evaluating Current CMMC Readiness
Developing Compliance Plan
Implementing Changes to Procedures
Completing Pre-assessment Evaluation
Depending on the level of CMMC Compliance sought, your organization will need to comply with up to 110 or more practices across NIST SP 800-171 r2 & Rev b, (FAR) 48 CFR 52.204-21 and other practices. We can help!

CMMC Compliance Assessment: Certified 3rd Party Assessment Organization (C3PAO)

Waterleaf (Cyberleaf's parent company) has been cleared by the CMMC-AB as a candidate Certified 3rd Party Assessment Organization (C3PAO). Our staff are certified by the CMMC-AB as Provisional Assessors Level 1-3 and can complete assessments on behalf of the company.

Progressively More Difficult Compliance Obligations

There are three cumulative Certification levels to the CMMC 2.0:

  • Level 1 – focuses on the protection of FCI and consists of only practices that correspond to the basic safeguarding requirements specified in 48 CFR 52.204-21, commonly referred to as the FAR Clause.  (This level has 17 practices and requires annual self-certification.)
  • Level 2 “Advanced” – focuses on the protection of CUI and encompasses the 110 security requirements specified in NIST SP 800-171 Rev 2. This level requires third party certification.
  • Level 3 “Expert” – Level 3 will be based on a subset of NIST SP 800-172 requirements. Details will be released at a later date.

Learn More

Cyberleaf is an expert in the requirements for CMMC compliance and can guide you on your journey. In addition, Cyberleaf's Cybersecurity-as-a-Service can be a key component in your compliance plan.

Jonathan Meyn

Director of Channel Sales

Jonathan is responsible for the Channel Strategy at Cyberleaf. He has over 10 years of experience in various technology solutions sales leadership roles. He has driven cybersecurity strategy and growth within the nation’s leading managed service providers.

Jonathan has a Communications Degree from Pennsylvania State University.

Brant Feldman


Brant served in Naval Special Warfare for 11 years.  He separated as a Lieutenant Commander having served at SEAL Team TWO, SEAL Team FOUR, and SEAL Team SIX.  Following his Naval service, Brant joined ADS in 2008 and was ultimately promoted to Chief Sales Officer, where he directed all sales, supplier, and marketing efforts.  His team was comprised of over 200 sales professionals who drove $3.2B in annual sales.  In 2022, Brant left ADS to pursue opportunities in Private Equity.

Brant has a Juris Doctorate from the University of Virginia School of Law, an Executive MBA from the Darden School of Business and degrees in Economics and Government from the University of Virginia.

Will Sendall


Will served as Chief Financial Officer to various private equity and VC backed high growth technology companies where he managed the financial and operational functions.  Will has also successfully executed multiple debt and equity fundraising processes and led both buy and sell sides of M&A processes.

Will has a MBA from the University of North Carolina – Chapel Hill and a degree in Accounting from Appalachian State University. 

Marshall Howard

Executive Vice President

Marshall is responsible for engineering and project management for Waterleaf. He has over 20 years of executive experience across startup operations and Fortune 500 companies in multiple areas including Operations, Engineering, Technology Implementation, Business Planning/Budgeting, Finance/M&A, Revenue Assurance, and Regulatory Affairs.

Previously Marshall served as a Vice President at T3 Communications, Inc., a Fort Myers, FL-based CLEC and managed services provider. Before joining T3, Marshall served as VP of Network Technology and Business Development at Cleartel Communications (now part of Birch Communications), where he played a major role in acquiring and integrating three other CLECs.

Marshall earned a BS in Physics from Rhodes College, an MSEE from Vanderbilt University, an MBA from Southern Methodist University, and completed post-graduate work in Finance and Economics at Vanderbilt University. In addition, he has earned a Project Management Professional (PMP) certification, and last but not least, he is a Certified CMMC Assessor.

David Levitan


David has over 30 years of experience as a telecommunications industry executive, leading technology and services organizations that have designed, built, and maintained fiber and wireless infrastructure across the US and internationally. He has extensive development, product marketing and general management experience operating independent, sponsor-backed, and publicly traded companies.

David’s previous experience includes executive leadership roles in start-up and publicly traded companies. As President of C-COR Network Services, he drove over 30% sales growth through a team of 400 employees delivering network infrastructure services for broadband operators, while also serving as an officer of parent company C-COR, Inc. At Scientific-Atlanta, Inc David held a progression of leadership and executive positions as the broadband division grew from ~$100 million to over $1.5 billion in annual sales. During his tenure he held product management, strategic planning, and general management roles, including overseeing the rapid growth of the company’s largest business unit, and establishing and scaling a unit delivering domestic and international professional services. As Vice President of CableMatrix, David also helped raise $5 million in series A venture funding for a policy management software startup.

David completed his undergraduate work at Cornell University with a BA in Economics and holds an MBA from the Harvard Graduate School of Business. 

Adam Sewall


Adam has been a successful senior executive and entrepreneur in the telecomm industry for more than 20 years. Adam has demonstrated success in complex technology deployments, as well as strategic planning, corporate development M&A, business development, operations, and general management. This experience also includes several significant liquidity events for shareholders.

Adam has had significant experience in the design, deployment, and operation of fiber, cellular, point-to-point and other communications networks in the US, Asia and SE Asia. Included in these deployments are AMPS, GSM, CDMA/TDMA, spread spectrum, Wi-Max/Wi-Fi and various Metro and long-haul fiber networks.

Prior to Waterleaf Adam was the President and CEO of T3 Communications Inc. a next generation CLEC based in Florida. He has also held executive management positions in operations, strategic planning and corporate development at T-Mobile and Verizon Wireless.

Adam’s technical background includes work in RF engineering, SDR, mobile s/w development, hardware engineering and telecommunications architecture. His project management and operations background include certifications in project management, GSM/PCS, numerous telecom standards and the successful integration of complex infrastructure as well as global deployments of software and communications networks.

He holds a BS Degree from SUNY and has completed graduate studies in engineering, finance, mathematics and economics at Stevens Institute, Columbia and Pace Universities.