The Schreifer Group is CMMC Certified!

If hearing the acronym “CMMC” gives you a little ache in your stomach and a wince to your smile, chances are you are a small business that contracts with the federal government. CMMC stands for Cybersecurity Maturity Model Certification Program. The intent of CMMC is to make sure that all CUI and FCI are safeguarded. It is a very important new rule. It might sound simple but with 110 steps to be level 2 certified, the work, cost, and responsibility is daunting.  

After more than a year working towards this goal, in April 2026, The Schreifer Group officially became C3PAO CMMC Level 2 certified. We are very proud to say we accomplished this milestone as a small business and are ready to continue to support our partners and clients!  

Small Business CMMC Certification – Lessons Learned 

There are many benefits to being and working with a small business, like flexibility, convenience, reliability, but when big government decisions become law, it can quickly feel like a small fish in a big scary ocean situation. Going through the certification wasn’t always easy, but we learned a lot! Here is a list of some of our lessons learned while working towards being CMMC certified as a small business.  

1. Start early – If you haven’t started your CMMC journey yet, start now! The requirements are set to be standard and in contracts as early as November 2026. It is a lengthy process and will take time.  

2. Don’t do it alone – One downside to being a small business is not having the manpower to do everything internally. CMMC was one of those things that at times felt like we were trying to translate a foreign language. It quickly became apparent that we needed help. We found so much confidence and support in working with a 3^rd party IT company. They gave us resources, assets, consulting, and training. We could never have passed our third-party assessment without them.  

3. Keep a paper trail of everything – Part of the CMMC requirements is being able to provide evidence for all the security measures the company takes. Something as simple as posting this blog needs to show that it went through the appropriate process of “authorized posters” with a confirmation that there is no CUI. When in doubt, write it out! 

4. Work as a team with your assessor – The C3PAO assessment was very intimidating. Weeks of buildup, gathering evidence and answering questions, and then almost a week of all day interviews. We found a federal CMMC assessor who wasn’t after a “gotcha” moment but truly wanted to make sure we were successful and secure. They asked good questions and meticulously and thoughtfully went through each and every detail in our environment to make sure we met all of the steps of CMMC Level 2.  

We Are CMMC Level 2 Certified and Ready to Work! 

Becoming CMMC ready was no easy task. It took a lot of internal teamwork to get to this point. At The Schreifer Group we are proud to have accomplished such an amazing step as a small business. We even got “CMMC” sewn onto our sweatshirts so we will never forget all we went through and accomplished to get to this big moment!  

TSG won’t have any compliance interruptions come November. We are ready and excited to continue our award-winning federal planning and explosives safety work in a secure and compliant way!