CMMC Advisory Services

Address cybersecurity maturity expectations

At Aronson, we believe that it is impossible to have a secure and compliant IT environment without buy-in and engagement from the entire organization. We apply our extensive experience to assist your organization with developing a culture of security awareness that drives and enables cybersecurity maturity.  

Our Services

Aronson LLC is a Registered Provider Organization (RPO) with the CMMC-AB, the accreditation body responsible for managing the CMMC program. Our team of CMMC-AB Registered Practitioners (RP) is ready to assist government contractors with preparing for a CMMC assessment and/or meeting the existing requirements of NIST 800-171.  

Our Solutions

We partner with government contractors (and their IT/cybersecurity vendors) to enable you to achieve the maturity required to successfully demonstrate CMMC compliance and obtain certificationWe assist organizations with meeting certification requirements for NIST 800-171 as well as CMMC Maturity Level 1 (Basic Cyber Hygiene), 2 (Intermediate Cyber Hygiene), or 3 (Good Cyber Hygiene).  

As a trusted business advisor and partner to related stakeholders such as technology startups/businesses, Aronson is ideally positioned to advise government contractors on their cybersecurity maturity journey. We have the technical expertise to assist you in the focus areas below.

Do you need a solution not listed below? We’d be happy to work with you to develop a unique solution to fit your needs. Contact our team directly using the contact form and someone will quickly respond to you 

CMMC/NIST 800-171 Quick Pre-Assessment

  • Conduct stakeholder interviews, review existing work products (policies, procedures, practices, and artifacts), and provide a summary assessment of compliance with CMMC or NIST 800-171 security requirements  

Advisory Services (CMMC or NIST 800-171)

  • Develop strategy and roadmap to address CMMC or NIST 800-171 security requirements.  
  • Provide guidance, direction and/or support to internal stakeholders on holistically addressing CMMC or NIST 800-171 security controls 

Remediation Support (CMMC or NIST 800-171)

  • Provide support in addressing specific security controls or practices
  • Develop/update policy documents
  • Define, update, and document practices required to demonstrate adherence to policies

Virtual Chief Information Security Officer (vISO/vCISO)

  • Provides dedicated part-time executive cybersecurity resource (with support of additional team members as needed)
  • Plan, implement, and sustain a cybersecurity program to enhance security posture
  • Provide specialized guidance to meet compliance mandates such as CMMC or NIST 800-171

Policy & Procedures Development & Updates

  • Review existing policies; cross-walk/map them to CMMC or NIST 800-171 requirements; and provide recommendations.
  • Provide compliant policy templates and customize to fit organization needs.
  • Review existing procedures; cross-walk/map them to established policies; and provide recommendations to address coverage gaps.

CMMC Pre-Assessment Readiness Review

  • Work with stakeholders to identify, review and catalog objective evidence (artifacts demonstrating compliance) required for formal CMMC assessment (provided by a CMMC Assessor Organization (C3PAO) 

Change Impact Pre-Assessment

  • Review proposed infrastructure or other changes (e.g. cloud provider migration) to determine impact on organization system boundary (all systems or a subset of systems) and address issues that may impact existing CMMC Maturity Level certification.
  • Work with stakeholders to identify, review and update objective evidence (artifacts demonstrating compliance) required for formal CMMC re-assessment (provided by a CMMC Assessor Organization (C3PAO).

Cost Allocation & Recovery Strategies

  • Provide recommendations and best practices for establishing cost centers, accumulating CMMC costs, and maximizing cost recovery within indirect rate structure.  
Blog Resource

Cybersecurity Maturity Model Certification (CMMC) and The Importance of Culture

In many of the discussions about the Cybersecurity Maturity Model Certification (CMMC), I find one... more
March 5, 2021

Why You Should You Hire a RPO for Gap Analysis and/or Pre-Assessment Support

Aronson LLC is a Registered Provider Organization (RPO) with the CMMC-AB, the accreditation body... more
April 12, 2021

Don’t Overlook IT Governance

One thing that is often overlooked in organizations is the importance of IT governance. ... more
August 26, 2021

Don’t Fixate on CMMC Maturity Level: Start With Foundational Best Practices

There’s a lot of buzz about the Cybersecurity Maturity Model Certification (CMMC) regulations... more
August 26, 2021

Is Your Organization Seeking CMMC Certification? Start Here!

If obtaining a Cybersecurity Maturity Model Certification (CMMC) certification is on your... more
August 2, 2021

IT Security Risks and Mitigation

The cyber threat landscape is constantly growing. Bad actors are getting more sophisticated and... more
June 25, 2021

Compliance Does Not Necessarily Mean Secure

Compliance is certainly essential in today's world. Requiring Federal government contractors to... more
May 12, 2021

COVID-19: Keep Your (Cyber) Guard Up!

Wake up, brush your teeth, say, “Good morning,” get cup of coffee, log into computer. This is... more
April 6, 2020
  • By:
  • Aronson

Related Industries

Helping businesses across industry sectors address cybersecurity maturity expectations.