As shown on our CMMC Assessment Process page, Peak InfoSec can bring to bear the expertise to help your firm get ready to undergo a CMMC Conformity Assessment or to simply assess yourselves against NIST SP 800-171 requirements.

Self-Assessment

In the Self-Assessment step, we guide your firm through the security requirements and translate NIST “geek” into human understandable requirements.  Coming out of this step, we can provide your firm:

  • An assessment report which identifies deficiencies/gaps and recommended remediations for each security requirement
  • Your NIST SP 800-171 score for the Supplier Performance Risk System per the DoD Scoring Assessment Guide

Design

Understanding and keeping up with all of the technologies needed to meet CMMC conformity is our speciality.  Whether your organization is a multinational corporation, major university, or a small machine shop, we the technologies needed and how to make them work together in your new CMMC architecture.

Plan

Developing your POA&M is simplified with us.  Using our repeatable processes, we walk your firm through planning all remediation efforts, helping your firm to plan resources, to time sequencing the events based on your ability to commit resources.

Remediate

We can help you with your remediation efforts to the level you want us involved.  Unlike other firms, our goal is not to make you forever dependent on us.  We actually want your firm to grow and out grow your need for us.

Pre-Assessment Readiness Review

As a C3PAO that conducts Conformity Assessments, we know what pitfalls other firms fall into.  Our goal is to make common pitfalls that cause an OSC to fail a Conformity Assessment either non-existant for your organization.  While that is a lofty goal, we counsel our clients every C3PAO is likely to find something during a Conformity Assessment.

Conformity Assessment Support

We encourage our client to have us involved during their Conformity Assessments.  Like having your CPA present during an IRS Audit, our job is to make sure the C3PAO and their team do not over-interpret the requirements and “bring their baggage” tou your Conformity Assessment.

Key CMMC Sites

Key References

Key Acquisition References

Other Key Sites

Information Security Turnaround Specialists