Our Expertise

Controlled Unclassified Information (CUI)/Cybersecurity Maturity Model Certification (CMMC)


When it comes to safeguarding Controlled Unclassified Information (CUI), CSCI leads the pack. Our extensive experience and ever-evolving credentials position us to advise our private partners and serve our government customers at the highest levels. CSCI’s experts stay ahead of industry standards for protecting CUI, analyzing and applying the latest guidance from the National Institute of Standards and Technology (NIST) and the Department of Defense (DoD).

The CSCI team has led compliance efforts on a variety of government regulations including Defense Federal Acquisition Regulation Supplement (DFARS) Clause 252.204-7012, Safeguarding Covered Defense Information (CDI) and Cyber Incident Reporting. Our team of experts can bridge the gap between emerging standards and legacy standards still in use today. By complying with NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, CSCI cybersecurity professionals protect CUI within nonfederal systems. This includes all 14 CUI control families and maintaining compliance of the 110 CUI requirements.


Cybersecurity Maturity Model Certification (CMMC) is now the official standard required by the DoD for all government contractors and CSCI is prepared to certify at the highest levels. Although officially announced in 2020, CMMC is not new to us. CSCI has been preparing for the adoption of CMMC since its inception and we offer our professional advisory services to companies looking to fulfill these DoD requirements.

CMMC provides a comprehensive framework made up of 17 domains. Companies are assessed based on how effectively they incorporate different processes, capabilities, and practices to maximize their cyber hygiene and mitigate risk. CSCI’s team of experts can assess the needs and goals of your organization, from basic to advanced. We are tracking the latest guidance, including Draft NIST SP 800-171B, Enhanced Security Requirements for Critical Programs and High Value Assets, which forms the basis for CMMC levels 4-5. Through diligent and proactive research and analysis of cyber risks, we are on the front lines of fighting Advanced Persistent Threats (APTs).

CSCI is a trusted partner of the federal government. Our promise is to bring a commitment to quality and a dedication to honesty in all our business relationships. By working with CSCI on your CUI and CMMC certification needs, you gain access to our exceptional professional insights, breadth of diverse technical knowledge and experience, and strategic perspective that comes from many years of working alongside the DoD.


Cyber hygiene depends on an informed approach that reflects the latest industry standards. CSCI Cybersecurity Subject Matter Experts maintain DoD Directive 8140/8570 compliance levels for IA categories of:

  • Cyber Security Service Providers (CSSP) Analyst
  • CSSP Auditor
  • CSSP Incident Responder
  • CSSP Infrastructure Support
  • CSSP Manager
  • Information Assurance Management (IAM) Levels I, II, and III
  • Information Assurance Systems Architects and Engineers (IASAE) Levels I, II, and III
  • Information Assurance Technicians (IAT) Levels I, II, and III.

CSCI employees hold a variety of cybersecurity, information technology, and management certifications including:

  • Certified Ethical Hacker (CEH)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Security Professional (CISSP)
  • CISSP-Information Systems Security Management Professional (ISSMP)
  • Cisco Certified Network Associate (CCNA)
  • CompTIA A+, Network+, and Security+
  • GIAC Certified Incident Handler (GCIH)
  • Host Based Security System (HBSS) Administrator – Certified
  • Information Technology Infrastructure Library (ITIL)
  • Microsoft Certified Systems Engineer (MCSE)
  • Project Management Professional (PMP)
  • Red Hat Certified System Administrator (RHCSA)
  • Systems Security Certified Practitioner (SSCP)
  • VMware Certified Professional (VCP).