At Aronson, we believe that it is impossible to have a secure and compliant IT environment without buy-in and engagement from the entire organization. We apply our extensive experience to assist your organization with developing a culture of security awareness that drives and enables cybersecurity maturity.
Aronson LLC is a Registered Provider Organization (RPO) with the CMMC-AB, the accreditation body responsible for managing the CMMC program. Our team of CMMC-AB Registered Practitioners (RP) is ready to assist government contractors with preparing for a CMMC assessment and/or meeting the existing requirements of NIST 800-171.
We partner with government contractors (and their IT/cybersecurity vendors) to enable you to achieve the maturity required to successfully demonstrate CMMC compliance and obtain certification. We assist organizations with meeting certification requirements for NIST 800-171 as well as CMMC Maturity Level 1 (Basic Cyber Hygiene), 2 (Intermediate Cyber Hygiene), or 3 (Good Cyber Hygiene).
As a trusted business advisor and partner to related stakeholders such as technology startups/businesses, Aronson is ideally positioned to advise government contractors on their cybersecurity maturity journey. We have the technical expertise to assist you in the focus areas below.
Do you need a solution not listed below? We’d be happy to work with you to develop a unique solution to fit your needs. Contact our team directly using the contact form and someone will quickly respond to you.
CMMC/NIST 800-171 Quick Pre-Assessment
- Conduct stakeholder interviews, review existing work products (policies, procedures, practices, and artifacts), and provide a summary assessment of compliance with CMMC or NIST 800-171 security requirements
Advisory Services (CMMC or NIST 800-171)
- Develop strategy and roadmap to address CMMC or NIST 800-171 security requirements.
- Provide guidance, direction and/or support to internal stakeholders on holistically addressing CMMC or NIST 800-171 security controls.
Remediation Support (CMMC or NIST 800-171)
- Provide support in addressing specific security controls or practices
- Develop/update policy documents
- Define, update, and document practices required to demonstrate adherence to policies
Virtual Chief Information Security Officer (vISO/vCISO)
- Provide a dedicated part-time executive cybersecurity resource (with support of additional team members as needed)
- Plan, implement, and sustain a cybersecurity program to enhance security posture
- Provide specialized guidance to meet compliance mandates such as CMMC or NIST 800-171
Policy & Procedures Development & Updates
- Review existing policies; cross-walk/map them to CMMC or NIST 800-171 requirements; and provide recommendations.
- Provide compliant policy templates and customize to fit organization needs.
- Review existing procedures; cross-walk/map them to established policies; and provide recommendations to address coverage gaps.
CMMC Pre-Assessment Readiness Review
- Work with stakeholders to identify, review and catalog objective evidence (artifacts demonstrating compliance) required for formal CMMC assessment (provided by a CMMC Assessor Organization (C3PAO)).
Change Impact Pre-Assessment
- Review proposed infrastructure or other changes (e.g. cloud provider migration) to determine the impact on the organization's system boundary (all systems or a subset of systems) and address issues that may impact existing CMMC Maturity Level certification.
- Work with stakeholders to identify, review and update objective evidence (artifacts demonstrating compliance) required for formal CMMC re-assessment (provided by a CMMC Assessor Organization (C3PAO)).
Cost Allocation & Recovery Strategies
- Provide recommendations and best practices for establishing cost centers, accumulating CMMC costs, and maximizing cost recovery within indirect rate structure.