Get Your CMMC-AB Certification Today

Cybersecurity Maturity Model Certification (CMMC)

Simpatico Systems offers a full range of Security Management & IT Solutions.
Our IT Support Team is here to help your business operations run smoothly and efficiently.

PROGRAM MANAGEMENT

  • Up to 4 hours/mo. of CISO consulting (Policy, Strategy, Implementation Planning), additional time will be billed at our standard rate. This is in addition to the weekly engagement time spent with the compliance team.
  • Up to 4 hours/mo. of email support for policy or documentation questions, additional time will be billed at our standard rate.
  • Governance, Risk, & Compliance (GRC) Platform
  • Annual Supplier Performance Risk System (SPRS) Self-Assessment Support
  • Certified Third Party Assessor Organization (C3PAO) engagement preparation.
  • Weekly Working Sessions, Review & Updates

Scoping & Gap analysis

Defining the Scope/Boundaries of FCI/CUI

A review of your data flow diagram, considering the People, Processes, and Technology that store, process, or transmit FCI/CUI within and outside of your network boundary will be the basis for establishing what will be considered your “Scope”. Your “Scope” will be what 3rd party assessors will use as their guide to understand what is to be assessed.

Perform a Gap Assessment against NIST 800-171 & NIST 800-171A

To have a clear picture of your current level of adherence to NIST 800-171 & NIST 800-171A, a Gap Assessment against your scope is essential. This will identify the strengths and areas that need improvement to reach compliance. This will become the basis for your Plan of Action & Milestones document.

Deliverables

  • Monthly CISO consulting
  • Monthly Policy & procedures documentation support
  • Data flow diagram support
  • CMMC Level 2 Gap Assessment and scoring
  • Plan of Action and Milestones (POA&M) template and support
  • System Security Plan (SSP) template and support
  • Access to Governance, Risk, & Compliance (GRC) Platform to manage CMMC
  • Annual Supplier Performance Risk System (SPRS) Self-Assessment Support
  • Certified Third Party Assessor Organization (C3PAO) engagement preparation
  • Recommendations/Cybersecurity Mitigation Plan on hardware, software, or follow-on services such as remediation, consulting, and/or ongoing monitoring.
  • Immediately inform the Client of any discovered critical security vulnerabilities that pose an extreme danger to the Client network during the analysis.

CMMC 

Learn More Today

Our Requirements

Z

Organizational Leadership support and proper resource allocations throughout the engagement.

Z

Remote interview sessions with people responsible for control domains.

Z

Any network diagrams, data flow diagrams, or supporting documentation.

Z

Any previous assessment results.

Governance, Risk, & Compliance (GRC) Platform

Access to a shared, collaborative GRC platform to aid in managing the lifecycle of your Cybersecurity Maturity Model Certification (CMMC) requirements and certification. This platform will assist in:

  • The ongoing assessment of your environment against the controls, while depicting the progression over time.
  • The collection and cataloging of the examination form of evidence.
  • Act as a repository for all applicable documentation needed to demonstrate sufficient adoption of practices and processes to ensure continual preparedness and accuracy.
  • Provide a central location for Certified Third-Party Assessor Organizations (C3PAO) to understand your current state of compliance and access the body of evidence required during an assessment.

Documentation Preparation

 

There are several documentation requirements established by CMMC. The GRC platform will provide you with the needed documents, in addition to providing support, advice, and reviews as we curate these to your specific environmental scope.

  • System Security Plan (SSP) – Dynamically Generated by GRC
    • A formal document that provides an overview of the security requirements for the scoped information system(s) and describes the security controls in place or planned for meeting those requirements.
  • Plan of Action & Milestones (POA&M) – Dynamically Generated by GRC
    • This is a document that identifies tasks needing to be accomplished to reach compliance with NIST 800-171 & NIST 800-171A. It details resources required tohy
    • accomplish the elements of the plan, any milestones in meeting the tasks, and scheduled completion dates for the milestones.

SCHEDULE AND DURATION

PROJECT KICKOFF

within 1-2 weeks of contract signing

GAP ANALYSIS

within 1-2 weeks of kickoff

RECOMMENDATION

1 week after finalizing Gap Analysis