CMMC Level 1 Compliance,
Handled End to End
DivIHN holds Cybersecurity Maturity Model Certification (CMMC) Level 2 certification. The same standard governing your assessment governs how DivIHN operates. Every engagement covers scoping, gap assessment, remediation support, Supplier Performance Risk System (SPRS) submission, and annual affirmation.
Where Most Providers Fall Short
A Department of Defense (DoD) subcontractor hired a compliance firm to handle their Level 1 assessment. The firm delivered a checklist and a quote for additional remediation work. Six months passed with no SPRS submission and no designated affirming official. The contract renewal window opened three weeks later.
Compliance frameworks define a floor, not a ceiling. PCI DSS covers your cardholder environment. HIPAA covers ePHI safeguards. CMMC covers your CUI enclave. Each operates within a defined boundary. AI integrations, cloud identity paths, and third-party connections sit outside that boundary and represent real attacker opportunity. The most defensible posture addresses both.
What Every Engagement
Covers
Every Level 1 engagement is scoped to your contracts, your systems, and your deadline. Every step below is built into every engagement from day one, regardless of which service path you choose.





What Every Engagement
Covers
Every Level 1 engagement is scoped to your contracts, your systems, and your deadline. Every step below is built into every engagement from day one, regardless of which service path you choose.





Your Deadline Drives
Every Engagement Timeline
Most Level 1 engagements complete in 4 to 12 weeks depending on starting posture and service path. Every timeline builds backward from your contract deadline.
Compressed timelines available for companies with near-term recompetes or solicitations.
What Every Engagement Delivers
Every deliverable maps to the specific requirement your assessor checks. We structure gap documentation, evidence packages, and submission records so your affirming official can affirm accurately and your SPRS score reflects your actual posture.
Every deliverable and every step comes included from the first call. The scope of work is fixed before engagement begins.
What Makes Your SPRS Submission Defensible
A submitted score and a defensible position are two different things. Assessors and contracting officers check the documentation behind the score as closely as the score itself. DivIHN structures every engagement so both hold up equally.
The affirmation is a legal attestation. We review all 15 requirements against documented evidence and confirm full implementation before the affirming official affirms.
Every DivIHN engagement produces a written scope record identifying every system, device, and location included in the self-assessment. The scope documentation travels with the score.
A score reaffirmed on schedule reflects current posture. Our team tracks renewal dates and initiates the annual process with enough lead time so the score on file stays current and defensible.