Cybersecurity Maturity Model Certification (CMMC) Compliance Services

Impact Utah will provide CMMC-AB Registered Practitioner (CMMC-AB RP) consulting services and facilitate the development of a company cybersecurity program including:

Gap analysis

risk mitigation plan of action

Supporting documentation templates (Plan of Actions and Milestones (POA&M)

NIST SP 800-171 self assessment score for Supplier Performance risk Systems (SPRS)

System Security Plan (SSP)

Incident Response Plan (IRP)

Security Awareness and Training plan

High – level recommendations for security policies handbook

The following are included in our consulting services depending on your needs:

CMMC Level 1

DELIVERABLES 

Introduction to FAR & CMMC

Asset Inventory Training

Draft Network Diagram & FCI Dataflow Diagram

Perform 17 Practices Gap Analysis and Plan of Actions & Milestones (POA&M)

Develop a 17 Practices System Security Plan (SSP)

Identify Evidence for Practices

CMMC Level 3

DELIVERABLES 

Introduction to NIST SP 800-171, The Interim rules, & CMMC

Asset Inventory Training

Draft Network Diagram & CUI Dataflow Diagram

Perform Gap Analysis and Plan of Actions & Milestones (POA&M)

Collect NIST SP 800-171 self-assessment Score and Post in the Supplier Performance Risk Systems (SPRS)

Develop a System Security Plan (SSP)

Create a Cybersecurity Incident Response Plan (IRP)

Build a Security Awareness and Training Plan

Provide Policies Template

Identify Evidence for Practices

CMMC Pre-Assessment Readiness Review (For CMMC Levels 1-5)

Impact Utah will assist the organization to be ready to go through a CMMC assessment by running a sample assessment that generates feedback based on objective evidence.

DELIVERABLES

Identify Evidence for all Practices and Processes

Collect and organize all Objective Evidence needed

Identify and list all observed gaps in objective evidence

Evaluate Organisation preparedness

Impact Utah will provide CMMC-AB Registered Practitioner (CMMC-AB RP) consulting services and facilitate the development of a company cybersecurity program including:

Gap analysis

Risk mitigation plan of action

Supporting documentation templates (Plan of Actions & Milestones (POA&M)

NIST SP 800-171 self-assessment score for Supplier Performance Risk Systems (SPRS)

System Security Plan (SSP)

Incident Response Plan (IRP)

Security Awareness and Training plan

High-level recommendations for security policies handbook

The following are included in our consulting services depending on your needs:

CMMC Level 1

DELIVERABLES

Introduction to FAR & CMMC

Asset Inventory Training

Draft Network Diagram & FCI Dataflow Diagram

Perform 17 Practices Gap Analysis and Plan of Actions & Milestones (POA&M)

Develop a 17 Practices System Security Plan (SSP)

Identify Evidence for Practices

CMMC Level 3

DELIVERABLES

Introduction to NIST SP 800-171, The Interim Rule, & CMMC

Asset Inventory Training

Draft Network Diagram & CUI Dataflow Diagram

Perform Gap Analysis and Plan of Actions & Milestones (POA&M)

Collect NIST SP 800-171 self-assessment Score and Post in the Supplier Performance Risk System (SPRS)

Develop a System Security Plan (SSP)

Create a Cybersecurity Incident Response Plan (IRP)

Build a Security Awareness and Training Plan

Provide Policies Template

Identify Evidence for Practices

CMMC Pre-Assessment Readiness Review (For CMMC Levels 1-5)

IMpact Utah will assist the organization to be ready to go through a CMMC assessment by running a sample assessment that generates feedback based on objective evidence.

DELIVERABLES

Identify Evidence for all Practices and Processes

Collect and organize all Objective Evidence needed

Identify and list all observed gaps in objective evidence

Evaluate Organization preparedness

Perform a pre-assessment readiness check