What is CMMC?

            Our CMMC preparation services are provided to help you meet the requirements set for by the Department of Defense and CMMC Accreditation Body for the desired certification level. Our offering currently provides consulting up to level CMMC Level 3. Specifically it includes a gap analysis, compliance assessment and policy reviews as applicable. The determination of cost and scope will be based on required level and current security implementation. Other services can be included as required. Additionally, as part of the CMMC preparation we also provide recommendation to help with corrective actions.

Preparation

                                We perform a detailed analysis of your current network and compare it with the cyber security controls required in NIST 800-171. We prepare a System Security Plan (SSP) & Plan-of-Action & Milestones (PO&AM) providing documented evidence to the DoD or your Prime that you’re on your way towards compliance. In this phase we also help create any policies and procedures needed to meet the CMMC requirements.

Remediation

                                In this step, the items called out in the Plan-of-Action & Milestone (PO&AM) are addressed. Depending on the current state of your IT systems, this can be as simple as implementing multi-factor authentication and security awareness training or as complex as refreshing an entire aging infrastructure. 

Follow-Up

                                As part of our guarantee we offer an additional block of hours to be used at the conclusion of the preparation and remediation phases. These hours are used to answered new questions or to ensure changes made after the consulting support your certification success and not hinder it.