CMMC Readiness & Advisory Services
From FAR to DFARS to FedRAMP Moderate or equivalent to NIST 800-171 to SPRS scores to a CMMC certification audit, navigating the DoD’s cyber compliance landscape is truly a journey. Our experts are here to help, in a way that addresses your current obligations with and prepares you for your eventual third party independent assessment. Who better to help than our actual C3PAO team who are currently conducting official assessments with the DIBCAC during the CMMC pilot (Joint Surveillance) period.
How it works?
Depending on where your organization is on their CMMC journey, we typically start with a scoping phase to identify and categorize all assets that are in scope for compliance. Once complete and agreed upon, we conduct an assessment to understand the implementation of the CMMC security controls on the in scope assets through a combination of documentation review and interviews. We sum everything up in a final report that identifies where you sufficiently meet the control objectives and where you don’t. For any gaps identified, we provide tailored recommendations for how you can remediate based on your organization’s capabilities and way of doing things. If needed, our team is available to assist in remediating any control gaps and/or validating sufficient remediation of controls once completed.
Who is it for?
A CMMC readiness engagement may be right for your organization if any of the following are true:
Your organization handles controlled unclassified information (CUI).
You have contracts with Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012.
You have contracts with Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7019.
You have contracts with Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7020.
How long is the engagement duration (Period of Performance)?
4-8 weeks in total, not including remediation which averages 6-18 months for most organizations we see.
How much does it Cost?
Our average readiness engagement ranges from $40,000 - $80,000 and is a firm fixed price. This does not include optional follow on remediation work which varies widely and can be estimated at the conclusion of the gap assessment.