If you are looking for a CMMC practitioner, who isn't a complete and utter douchebag, here is an assortment of reputable companies that you can evaluate as a possible fit for your specific needs. The CMMC-COA has a fidoucheiary duty to the DIB to highlight some good players in this space, which range from consultants, to Managed Service Providers (MSP), to compliance-focused documentation solutions. Since every CMMC practitioner has their own specialty you need to do your own due diligence.
These CMMC Practitioners have vowed to abide by the CMMC-COA's stringent code of professional conduct*:
*PLEASE NOTE - This is all supposed to be in good humor, so it is sad that some people are humorless. There are a lot of good CMMC practitioners out there, who are not on this list. There are also a lot of shitty companies that just want to separate you from your hard earned $$. Just because a company is not listed on this page, does not mean it is full of a bunch of douchebags who don't know anything about NIST SP 800-171 or CMMC. Sadly, it is amazing how many consultants have contacted us to complain that they are not listed on the "not a douchebag" list. It is not binary - you are not automatically a douchebag if you are not listed on this page, so for those who complain, go out and prove yourself over and over again. At that point, we may add you. Then again, we might not. We only want to highlight companies we have some experience with and know the quality of their work. If we wouldn't use your services or refer you to clients, then you won't be on this list. Period.
Specialty: ComplianceForge providers cybersecurity documentation solutions that are specific to CMMC & NIST SP 800-171 for policies, standards, procedures, SSP/POA&M templates, business plans, incident response, and more. It is the "easy button" approach to cybersecurity documentation needs.
Specialty: Steel Root provides managed cybersecurity and IT services to help companies in the U.S. Defense Industrial Base (DIB) achieve DFARS compliance and prepare for CMMC.
Specialty: Sentinel Blue specializes in bringing the leadership, expertise, and technical capabilities required for DFARS compliance to the Small to Medium Enterprises (SME) in the Defense Industrial Base (DIB). We do common sense security - a lot of consultants don't get it about the realities that smaller companies face with limited budget and expertise, so we can right size an approach for your specific needs.
Specialty: NeQter Labs is a cybersecurity software company dedicated to providing affordable DFARS/NIST SP 800-171/CMMC compliance solutions to the SMB market. Our Compliance Engine platform combines Security Incident Event Management (SIEM), active alerting, inventory, and vulnerability scanning into a single solution.
Specialty: CORTAC provides end-to-end DFARS and CMMC guidance and services and leverages cybersecurity and information assurance as a competitive advantage while reducing the compliance and contracting risks of meeting ITAR, EAR, DFARS, & CMMC requirements.
Specialty: SecurityWaypoint focuses on the compliance and governance aspects of your cybersecurity needs. We provide vCISO (virtual CISO) services to Small to Medium Enterprises (SME) for NIST SP 800-171 & CMMC, including building a customized project plan based on the CMMC Kill Chain to manage CMMC-related compliance activities in a risk-prioritized approach. Experienced with the Secure Controls Framework (SCF) for complex compliance requirements.
Specialty: Peak InfoSec is a Certified 3rd-Party Assessment Organization (C3PAO) that serves all tiers of the Defense Industrial Base (DIB). Peak Infosec specializes in turning cybersecurity programs around to conform to the business’ operational requirements. Its focus isn’t just on the technology, but to make your entire security culture change to what you want it to be.
Specialty: Summit 7 specializes in the Aerospace and Defense (A&D) industry. Summit 7 won the 2020 Microsoft US Partner Award in Security and Compliance for its Office 365 and Azure Government solutions regarding CMMC, DFARS, NIST SP 800-171, ITAR, and CUI.
Specialty: Cybersec Investments provides CMMC / NIST SP 800-171 consulting for Small to Medium Enterprises (SME) who need outside expertise to both understand and implement the requirements needed to comply.
DiCicco, Gulman & Co. (DGC)
Specialty: DGC's IT Risk Assurance & Advisory practice provides a wide variety of cybersecurity services including vulnerability assessments, penetration testing, and security and risk assessments. We provide NIST 800-171 and CMMC readiness assessments and consulting services for the DIB and are an applicant to be a Certified 3rd Party Assessment Organization (C3PAO) for CMMC.