What makes our CMMC Audit Tool Better

Our assessment tool allows for documentation of the current IT environment, independent of a compliance framework. Through our collaborative profile process, stakeholders from across the enterprise can document the current IT operations and control environment. This information is then mapped to control objectives, combined with detailed information and guidance from the governing body to create a dashboard for making quick and efficient decisions to document your current compliance level. This speeds up the assessment process while providing a comprehensive understanding of each control and your results.

As security compliance auditors, we understand how to make the process understandable and expedient while allowing for a comprehensive and accurate result. We know what works and what doesn't.

As offensive security experts, we can explain your results – and vulnerabilities – from the perspective of an Advanced Persistent Threat (APT) attacker, prioritizing your remediation plans so that real-world risk is tied to compliance goals.

The NIST 800-171 compliance strategy includes:

  • Customized compliance report for upload to DoD Supplier Performance Risk System (SPRS)
  • Customized dashboard of compliance broken down by metrics (e.g. Control Family, Control Type, Control)
  • Mapped results against other relevant compliance frameworks such as NIST 800-53, ISO 27002 – 2013, CIS 20 Critical Security Controls, DFARS 7012
  • Impact and/or risk of non-compliance for each control
  • System Security Plan (SSP) strawman customized to your Controlled Unclassified Information (CUI) categories. This is a required deliverable for submission to DoD
  • Plan of Actions & Milestones (POAM) strawman to address your compliance gaps. This is a required deliverable for submission to DoD
  • Identification of policy gaps and strawman policies to be completed by client
  • Customized consulting support as required (e.g. supporting the completion of the required POAM and SSP for submission to SPRS)

Hands-on support throughout the process

The process is daunting, the controls are ambiguous and non-intuitive, and getting it right is crucial to your business. We guide you through the assessment process, explaining the controls and answering questions each step of the way.

Step 1:

Gather information — we will work with you using our assessment tool and walk you through the full process of documenting your system and surrounding environment, and applying the information to a control framework.

Step 2:

Receive deliverables — includes a customized compliance dashboard and partially completed POAM and SSP.

Step 3:

Engage Us Further — receive tailored support to complete all required deliverables and any other needs.

Step 4:

Submit Results — you are responsible for submitting completed deliverables to the DoD.

Don't wait any longer to get compliant

Interpreting the Compliance Controls:

Challenge – The assessment questions and control descriptions are technical and can be difficult to interpret.

Benefit – We use our process and tool to guide you through an intuitive set of questions that map back to the controls.

Answering the Compliance Questions:

Challenge – Answering the questions is ambiguous at best, and at worst a lack of understanding may result in an inaccurate assessment.

Benefit – Using our experience as technical control auditors and cyber security experts, we explain the context and rationale behind each control question – and why it's relevant to you.

Developing Compliance and Remediation Deliverables:

Challenge – The required System Security Plan (SSP) and Plan of Actions and Milestones (POAM) deliverables must be results-based, thorough, accurate, and actionable.

Benefit – Our assessment tool will automatically generate the SSP and POAM. We then leverage our experience in offensive security and security engineering to architect solutions that provide defense against real-world risk while also closing compliance gaps.

Identifying Your Score:

Challenge – Your assessment score is only as accurate as the answers you give about your security infrastructure.

Benefit – Our knowledge and experience will help you accurately assess your compliance and provide the best foundation for your SSP and POAM deliverables. We then develop a custom remediation strategy to increase your score with limited spend.