How much will this CMMC cost me and my business?


New member
We have already spent so much money on NIST, it seems as though they are just trying to squeeze more money out of me.


New member
I've been wondering that, too. My business is small and I'm worried about not being able to afford the audit. Why haven't they said anything about the costs yet?


Staff member
Unfortunately, as you probably already know, the cost of an audit has not yet been released; that being said, based on other audits of similar scope and scale, our best ESTIMATE is anywhere between $20,000 to $30,000. HOWEVER, according to the Under Secretary of Defense for Acquisition & Sustainment, the cost will be considered an "allowable" cost in your contract, so you will be able to be reimbursed.

Keep in mind, however, that doesn't include the cost to actually BECOME compliant (i.e. implementing the necessary security controls). The more NIST-compliant your business is, the less it will cost to implement because a vast majority of the requirements are the same.

Also, if you do have government contracts, your company should be pretty far along; though unfortunately, a lot of contractors are woefully unprepared, which is the whole reason the government will no longer allow contractors or sub-contractors to self-report/certify.

If you have any further questions, you can schedule a free consultation with Craig!
Get CMMC Compliant With PTG's CMMC Compliance Tool Kit - Learn More