Are you 🇺🇸 ready for the CMMC?

DSG provides mock assessments to prepare defense contractors for CMMC assessment -and helps accredited C3PAOs scale. We run realistic mock assessments for CMMC levels 1 & 2, and provide Lead CCA-level assessors to augment C3PAO assessment teams.

Request a Mock Assessment Explore Services
  • CMMC L1/L2
  • NIST 800-171 Rev.2
  • Lead CCA on staff

DSG is not yet acting as a certifying C3PAO. Our services support preparation and staffing.

Trust

We hold ourselves and our business to the highest ethical standards. When you contract with DSG, you're part of the family.

Excellence

We know your mission is critical for the defense of the American way of life. Our mission is to ensure you have the security and confidence to carry it out without compromise.

Clarity

The Defense Industrial Base is faced with an ever evolving set of requirements. At DSG, our goal is to cut through the complexity, and ensure you understand what's required of you and exactly where your organization stands.

Services

Whether your organization is certifying assessment ready, or just getting started on its CMMC journey, DSG is there to help.

Mock Assessments

End-to-end dry-run assessments that mirror C3PAO methods so you can validate readiness before a formal engagement.

  • Scope validation & asset categorization walk-through
  • Practice-by-practice interviews, observation, and artifact review
  • Sampling approach and objective evidence mapping
  • Draft "findings" with factual-accuracy review (non-certifying)

C3PAO Assessment Team Augmentation

Contract DSG to provide a qualified lead assessor to reinforce your accredited C3PAO's team for surge work or specialized environments.

  • Lead CCA on-staff for short/long engagements
  • Aligned to C3PAO procedures, templates, and tooling
  • Maintains independence and objectivity requirements
  • Rapid onboarding, clear deliverables
Jet

Referrals for Remediation

Don't worry! While DSG is not a consulting organization, we have trusted independent remediation partners to preserve assessor independence when corrective actions are needed.

CMMC

Why it matters

The Cybersecurity Maturity Model Certification (CMMC) raises the bar for cybersecurity in the DIB and requires independent assessment for most contractors processing Controlled Unclassifed Information (CUI). With the 48 CFR CMMC Final Rule being published into the Defense Federal Acquisition Regulation Supplement (DFARS) on September 10th, 2025, Contracting officers may begin inserting CMMC clauses into new solicitiation and contracts beginning November 10, 2025.

Levels we assess

  • Level 1 — Foundational practices to protect FCI
  • Level 2 — NIST SP 800-171-aligned practices to protect CUI

Always check your contract and official DoD resources for current requirements.

Our Team

Dunlop Security Group is a family-run CMMC-focused practice. Together, we bring hands-on experience in systems administration, cybersecurity engineering, and cloud operations to support both contractors and accredited C3PAOs.

George Dunlop headshot

George Dunlop

Lead CCA, CCA, CCP, CISSP

Former Systems administrator, now a CMMC assessor with over 7 years of technical experience.

Alexander Dunlop headshot

Alexander Dunlop

CISSP

Cybersecurity professional with over 14 years of technical experience. CCP Candidate.

Gabriel Dunlop headshot

Gabriel Dunlop

Certified Solutions Architect

Cloud Engineer with over a year of specialized experience providing technical and operational support.

American Eagle

Contact

Tell us about your environment and timeline. We’ll follow up promptly.