CMMC Support Services

CMMC certification (Cybersecurity Maturity Model Certification)

Cybersecurity is a top priority for the U.S. government, especially the Department of Defense (DoD). The DoD has developed the Cybersecurity Maturity Model Certification (CMMC) in response to more frequent and complex cyberattacks.

This certification is designed to enhance the security of sensitive information and protect confidential data in government contracts. It is derived from NIST 800-171 and incorporates its 14 domains. CMMC comprises 17 domains.

All contractors, subcontractors and suppliers who hold Federal Contract Information or Controlled Unclassified Information, whether they have a direct or indirect relationship with the DoD, are required to be CMMC-certified. Even if your current partners and customers aren't asking for CMMC certification yet, it's likely to become an unavoidable requirement in the future.

StreamScan is one of the few companies in Canada authorised as an RPO (Registered Provider Organisation) to support organisations in their conformity process.

Find out more about our CMMC support service

Would you like to find out if CMMC applies to your company?
Consult one of our CMMC experts.

StreamScan is an RPO

An RPO (Registered Provider Organisation) is an organisation authorised to provide services and support for Cybersecurity Maturity Model Certification (CMMC).

Following a rigorous process, RPOs are authorised by the CyberAb certification body to help companies comply with the security requirements and controls specified for CMMC certification.

Why work with an RPO (Registered Provider Organisation)

RPOs have demonstrated their expertise and ability to guide organisations through the compliance process, providing advice, assessments and support services to achieve the required levels of cybersecurity maturity. They are a valuable partner for companies seeking CMMC certification.

As an RPO, StreamScan accompanies organisations from A to Z to help them pass the various checkpoints. With our support, our customers are in safe hands to comply with CMMC certification requirements.

Find out more about our CMMC support service

Our experts are with you every step of the way, from gap analysis to managing the CMMC auditor and implementing corrective measures.

StreamScan can help you produce all the documentation required for CMMC certification.

Our monitoring service and technology enable you to meet many of the requirements of the CMMC certification standard, speeding up the process.

NIST 800-171 vs CMMC 2.0

NIST 800-171 and CMMC 2.0 are two essential cybersecurity frameworks for companies working with the US government, but they differ in their approaches and requirements. NIST 800-171 provides guidelines for the protection of unclassified information, while CMMC 2.0 goes a step further by introducing a certification model that assesses companies' cybersecurity maturity.

NIST 800-171

  • NIST 800-171 is a US government cybersecurity standard.
  • It includes 110 security controls divided into 14 domains, thus establishing requirements for protecting sensitive unclassified information (CUI - Controlled Unclassified Information).
  • If you do not use CUI in your business dealings with the U.S. government, you are not required to comply with NIST 800-171.
  • There is no certification. You simply have to rigorously comply with the 110 controls and perform a self-assessment to confirm your compliance.


  • CMMC (Cybersecurity Maturity Model Certification) is a new certification developed by the US Department of Defense.
  • It applies to all companies in the Defense supply chain.
  • It is derived from NIST 800-171 and incorporates its 14 domains. CMMC is composed of 17 domains.
  • It aims to enhance the security of sensitive information and protect confidential data in government contracts.
  • CMMC requires third-party certification reinforcing supplier security and compliance.

The SPRS (Supplier Performance Risk System) score from NIST 800-171

When you win a U.S. government contract involving the use or handling of CUI (Controlled Unclassified Information), you may be required to provide your SPRS score. Some of your partners may also require you to provide your SPRS score. This score is the result of a gap analysis between your level of security and the requirements of NIST 800-171. In addition, to submit your SPRS score, you must have a System Security Plan (SSP).

Why StreamScan?

StreamScan has extensive experience in helping organisations achieve a wide range of compliance levels, including NIST 800-171 and CMMC.

StreamScan is one of the few Canadian companies currently authorised as an RPO (Registered Provider Organisation) to support organisations in their CMMC compliance process.

Our experts are with you every step of the way, from gap analysis to management of the CMMC auditor (C3PAO or Certified 3rd Party Assessement Organisation) and implementation of corrective measures.

Our partnership with a U.S.-based company authorised to perform CMMC certification audits speeds up the certification process for Canadian companies.

Our monitoring service and technology can meet many of the requirements of the CMMC standard, speeding up the process.

StreamScan already works with Canada's National Defense and other sensitive public safety and aerospace organisations.

Border Streamscan

What our customers say

StreamScan Textimonials
  • “After we got hacked, we needed upgraded cybersecurity and found StreamScan. They’ve been monitoring our network ever since - detecting over 23k security events monthly and intervening on 10%+ of those cases. The result has been zero incidents since we started with StreamScan.”

    Pierre Forest, IT Director


  • "StreamScan are the Cyber Security Pros. Their expertise, service, and responsiveness are helping us keep our network secure."

    Christian Raymond, IT Manager


  • "We were experiencing severe degradation of network performance, so much so, it was preventing employees from working. We suspected a cyber-attack and reached out to StreamScan. Within two hours their incident response team was on site. They discovered we weren’t under attack but instead had patch problems on a device in the network. Their help got us back up and running in minimum time."

    Benoit Renaud, Head of Cybersecurity


  • “As an MDR client of StreamScan, we have also chosen to adopt their EDR solution, a decision motivated by its seamless integration with their network monitoring service and intrusion detection technology (CDS). Entrusting the management of our network and Endpoint surveillance to the same bilingual and local team presents a significant advantage in centralizing our monitoring efforts. This not only offers financial benefits but also enhances our protection efficiency. It provides them with a 360-degree view of our network and Endpoints. Moreover, the efficiency of their EDR solution is remarkable. What distinguishes this team, particularly, is their rapid responsiveness, professionalism, and profound expertise in the field of cybersecurity. Their commitment to safeguarding our infrastructure is undeniable, and we are extremely satisfied with our ongoing collaboration.”

    Eric Lambert, Manager of IT infrastructure and procurement

    GMP Energy

  • “We are delighted to share our positive experience with StreamScan, with whom we have been a customer for two years, utilising their MDR and CDS solutions. The team stands out for its unfailing availability and proven efficiency. Their regular checkpoints enable us to remain proactive in the face of emerging threats, while their ability to filter out false positives saves us valuable time to focus on real security challenges. StreamScan also provides us with expert guidance in the field of cybersecurity, providing us with relevant strategic recommendations and an in-depth understanding of current security issues.”

    Jérémy Merlin, Team Lead, IT Department


1 / 5


State-of-the-art cybersecurity solutions for all businesses