CMMC Advisory Services

Address cybersecurity maturity expectations

At Aronson, we believe that it is impossible to have a secure and compliant IT environment without buy-in and engagement from the entire organization. We apply our extensive experience to assist your organization with developing a culture of security awareness that drives and enables cybersecurity maturity.  

Our Services

Aronson LLC is a Registered Provider Organization (RPO) with the CMMC-AB, the accreditation body responsible for managing the CMMC program. Our team of CMMC-AB Registered Practitioners (RP) is ready to assist government contractors with preparing for a CMMC assessment and/or meeting the existing requirements of NIST 800-171.  

Our Solutions

We partner with government contractors (and their IT/cybersecurity vendors) to enable you to achieve the maturity required to successfully demonstrate CMMC compliance and obtain certificationWe assist organizations with meeting certification requirements for NIST 800-171 as well as CMMC Maturity Level 1 (Basic Cyber Hygiene), 2 (Intermediate Cyber Hygiene), or 3 (Good Cyber Hygiene).  

As a trusted business advisor and partner to related stakeholders such as technology startups/businesses, Aronson is ideally positioned to advise government contractors on their cybersecurity maturity journey. We have the technical expertise to assist you in the focus areas below.

Do you need a solution not listed below? We’d be happy to work with you to develop a unique solution to fit your needs. Contact our team directly using the contact form and someone will quickly respond to you 

CMMC/NIST 800-171 Quick Pre-Assessment

  • Conduct stakeholder interviews, review existing work products (policies, procedures, practices, and artifacts), and provide a summary assessment of compliance with CMMC or NIST 800-171 security requirements  

Advisory Services (CMMC or NIST 800-171)

  • Develop strategy and roadmap to address CMMC or NIST 800-171 security requirements.  
  • Provide guidance, direction and/or support to internal stakeholders on holistically addressing CMMC or NIST 800-171 security controls 

Remediation Support (CMMC or NIST 800-171)

  • Provide support in addressing specific security controls or practices
  • Develop/update policy documents
  • Define, update, and document practices required to demonstrate adherence to policies

Policy & Procedures Development & Updates

  • Review existing policies; cross-walk/map them to CMMC or NIST 800-171 requirements; and provide recommendations.
  • Provide compliant policy templates and customize to fit organization needs.
  • Review existing procedures; cross-walk/map them to established policies; and provide recommendations to address coverage gaps.

CMMC Pre-Assessment Readiness Review

  • Work with stakeholders to identify, review and catalog objective evidence (artifacts demonstrating compliance) required for formal CMMC assessment (provided by a CMMC Assessor Organization (C3PAO) 

Change Impact Pre-Assessment

  • Review proposed infrastructure or other changes (e.g. cloud provider migration) to determine impact on organization system boundary (all systems or a subset of systems) and address issues that may impact existing CMMC Maturity Level certification.
  • Work with stakeholders to identify, review and update objective evidence (artifacts demonstrating compliance) required for formal CMMC re-assessment (provided by a CMMC Assessor Organization (C3PAO).

Cost Allocation & Recovery Strategies

  • Provide recommendations and best practices for establishing cost centers, accumulating CMMC costs, and maximizing cost recovery within indirect rate structure.  
Blog Resource

Cybersecurity Maturity Model Certification (CMMC) and The Importance of Culture

In many of the discussions about the Cybersecurity Maturity Model Certification (CMMC), I find one... more
March 5, 2021

COVID-19: Keep Your (Cyber) Guard Up!

Wake up, brush your teeth, say, “Good morning,” get cup of coffee, log into computer. This is... more
April 6, 2020
  • By:
  • Aronson

Is Your Firm’s Cybersecurity Certifiable? If Not, Don’t Count on Winning DoD Contracts!

The current Department of Defense (DoD) cybersecurity rule, reflected in DFARS 252.204-7012,... more
September 18, 2019

Typical Construction Industry Cyber Breaches – And What You Should Have Already Done

Cybersecurity remains an ever-present topic of interest across all industries, as potential and... more
January 28, 2019
  • By:
  • Aronson

GSA Incorporates New Cyber and AI Technologies into IT Schedule 70

Keeping up-to-date with technology is essential to government agencies’ success. In order to... more
December 18, 2018

Cybersecurity: A Critical Risk for Construction Companies

In 2018, the construction industry faces risks from locations outside of their job sites. They are... more
August 20, 2018
  • By:
  • Aronson

How to Develop a Cybersecurity Plan

Cybersecurity has become a top priority for senior management as organizations seek to protect... more
June 11, 2018

Cyber Risk Survey Report

The release of the 360° Cyber Risk Survey Report comes at a critical time. Information technology... more
January 15, 2018

Related Industries

Helping businesses across industry sectors address cybersecurity maturity expectations.