WORTH EVERY PENNY
If you are looking for a CMMC practitioner, we assembled an assortment of reputable companies that you can evaluate as a possible fit for your specific needs. These CMMC practitioners range from consultants, to Managed Service Providers (MSP), to compliance-focused documentation solutions, all the way to manufacturers. Since every CMMC practitioner has their own specialty you need to do your own due diligence.
The bottom line is you get what you pay for with CMMC consulting services!
CMMC / NIST 800-171 Documentation Solutions
Specialty: ComplianceForge provides editable, cost-effective cybersecurity documentation solutions that are specific to CMMC 2.0 & NIST SP 800-171 (CUI & NFO controls). ComplianceForge is the "easy button" approach to CMMC & NIST SP 800-171 compliance documentation needs:
SSP & POA&M templates)
Incident Response Plan (IRP)
Third-Party Risk Management
CMMC / NIST 800-171 Consulting Services
Specialty: BDO provides organizations with proven experience and certified personnel to mitigate the risk of non-compliance with DoD cybersecurity contracting regulations. BDO’s highly-credentialed and experienced team can help companies achieve their assessment needs within one comprehensive tool and achieve a lower cost of implementation and management for all DoD-mandated cybersecurity compliance frameworks.
The BDO Cyber Assessment Tool (CAT) provides comprehensive assessments for FAR 52.204-21, DFARS 252.204-7012 / NIST 800-171, NIST 800-172, CMMC Maturity Levels 1-5 as well as additional assessments for EXOSTAR cyber questionnaires. BDO professionals assist with cyber architecting, network and systems IT technical solution implementation, policies/artifacts to CMMC assessments. BDO can provide overall package management to help keep your CMMC package current and compliant.
How To GRC
Specialty: HowToGRC is a cybersecurity firm focused on designing and implementing cost effective and scalable cybersecurity programs. HowToGRC provides CMMC and NIST SP 800-171 readiness assessments, advisory and audit preparation along with our continuous compliance management platform, CMMCplus™. HowToGRC has considerable experience implementing and tailoring ComplianceForge products and the Secure Controls Framework (SCF).
Specialty: DEFCERT supports all facets of "defense contractors" that make up the Defense Industrial Base (DIB), including manufacturers, economic development organizations, managed IT service providers and technology companies. DEFCERT offers a full-range of technology and business process improvement services that includes CMMC consulting, DFARS contract obligation reviews, CMMC implementation and resource planning, system design and validation of existing implementations (to prepare for C3PAO assessment).
DiCicco, Gulman & Co. (DGC)
Specialty: DGC's IT Risk Assurance & Advisory practice provides a wide variety of cybersecurity services including vulnerability assessments, penetration testing, and security and risk assessments. We provide NIST 800-171 and CMMC readiness assessments and consulting services for the DIB and are an applicant to be a Certified 3rd Party Assessment Organization (C3PAO) for CMMC.
CMMC / NIST 800-171 Technology Integrators (MSP / MSSP)
Specialty: Sentinel Blue specializes in bringing the leadership, expertise, and technical capabilities required for DFARS compliance to the Small to Medium Enterprises (SME) in the Defense Industrial Base (DIB). We do common sense security - a lot of consultants don't get it about the realities that smaller companies face with limited budget and expertise, so we can right size an approach for your specific needs. Sentinel Blue is also a CMMC Third-Party Assessor Organization (C3PAO).
Specialty: Steel Root designs, builds, and manages secure IT environments for companies in the U.S. Defense Industrial Base. Steel Root's reference architecture for DoD compliance enables companies to effectively scope out technical debt and accelerate project timelines. Steel Root also provides compliance advisory services to help contractors manage ongoing program requirements.
The Steel Root reference architecture is a set of systems, configuration baselines, and managed services — built on the Microsoft Government cloud and using zero trust principles — that is purpose built for meeting the CUI safeguarding requirements in DFARS 252.204-7012 and preparing for CMMC.
Specialty: Summit 7 specializes in the Aerospace and Defense (A&D) industry. Summit 7 won the 2020 Microsoft US Partner Award in Security and Compliance for its Office 365 and Azure Government solutions regarding CMMC, DFARS, NIST SP 800-171, ITAR, and CUI.
CMMC / NIST 800-171 Technology Solutions
Specialty: NeQter Labs is a cybersecurity software company dedicated to providing affordable DFARS/NIST SP 800-171/CMMC compliance solutions to the SMB market. Our Compliance Engine platform combines Security Incident Event Management (SIEM), active alerting, inventory, and vulnerability scanning into a single solution.
Specialty: Beryllium specializes in providing NIST SP 800-171 and CMMC compliance solutions, specifically working with SMB’s to successfully segment CUI from their main network and to properly minimize the scope of the CUI environment. Our flagship product, CUICK TRAC™, combines a virtual, privately-hosted enclave, as part of a continuously-monitored and managed security program that helps SMBs become compliant in an affordable, practical and secure way.
CMMC Licensed Training Providers (LTP)
Space Coast Cyber
Specialty: Space Coast Cyber is a boutique training company that specializes in advanced cybersecurity education and certification training. We are passionate about our profession and want to help build the cybersecurity community one class at a time with a current focus on Cybersecurity Maturity Model Certification (CMMC) training as an authorized Licensed Training Provider (LTP).
While cybersecurity training is our primary focus and mission, we do engage in limited consulting as our availability allows. Focus areas for consulting are NIST SP 800-171 / CMMC implementation, C3PAO Quality Assurance or assessment team staff augmentation, fractional Information Systems Security Engineering (vISSE) services, NIST Risk Management Framework services, and NIST SP 800-161 Cybersecurity Supply Chain Risk Management (C-SCRM) strategy development and security program management.
CMMC Third-Party Assessment Organizations (C3PAOs)
Specialty: Cybersec Investments is a CMMC Third-Party Assessor Organization (C3PAO) and provides CMMC / NIST SP 800-171 consulting for Small to Medium Enterprises (SME) who need outside expertise to both understand and implement the requirements needed to comply.
Specialty: Kieri Solutions is a CMMC Third-Party Assessor Organization (C3PAO) with demonstrated expertise in CMMC, NIST SP 800-171, FedRAMP, and DFARS. Kieri Solutions specializes in gap analysis, architecture review and design, process engineering and resource planning. Kieri Solutions is cloud and remote-work friendly and focuses on enabling organizations to become and stay compliant over time. Clients range from small businesses to Fortune 500 companies, including providing guidance to MSPs and cloud service providers who want to make sure their offerings correctly support their DIB clients.
NIST 800-171 Compliant Manufacturing Services & Consulting
Specialty: Custom, build-to-print, aerospace and defense machine shop. Veteran-owned small business (VOSB) with in-house machining and fabrication capabilities. Win-Tech supports both prototype and production projects (aluminum, titanium, and other metals, plastics and composites) as well as consulting services to manufacturers pursuing cybersecurity compliance in the industry. Win-Tech speaks CMMC and would like to be your manufacturer of choice (we do subcontracting)!
NIST SP 800-171 compliant