CMMC Advisory Services

Address cybersecurity maturity expectations

At Aronson, we believe that it is impossible to have a secure and compliant IT environment without buy-in and engagement from the entire organization. We apply our extensive experience to assist your organization with developing a culture of security awareness that drives and enables cybersecurity maturity.  

Our Services

Aronson LLC is a Registered Provider Organization (RPO) with the CMMC-AB, the accreditation body responsible for managing the CMMC program. Our team of CMMC-AB Registered Practitioners (RP) is ready to assist government contractors with preparing for a CMMC assessment and/or meeting the existing requirements of NIST 800-171.  

Our Solutions

We partner with government contractors (and their IT/cybersecurity vendors) to enable you to achieve the maturity required to successfully demonstrate CMMC compliance and obtain certification. We assist organizations with meeting certification requirements for NIST 800-171 as well as CMMC Maturity Level 1 (Basic Cyber Hygiene), 2 (Intermediate Cyber Hygiene), or 3 (Good Cyber Hygiene).

As a trusted business advisor and partner to related stakeholders such as technology startups/businesses, Aronson is ideally positioned to advise government contractors on their cybersecurity maturity journey. We have the technical expertise to assist you in the focus areas below.

Do you need a solution not listed below? We’d be happy to work with you to develop a unique solution to fit your needs. Contact our team directly using the contact form and someone will quickly respond to you.

CMMC/NIST 800-171 Quick Pre-Assessment

  • Conduct stakeholder interviews, review existing work products (policies, procedures, practices, and artifacts), and provide a summary assessment of compliance with CMMC or NIST 800-171 security requirements  

Advisory Services (CMMC or NIST 800-171)

  • Develop strategy and roadmap to address CMMC or NIST 800-171 security requirements.  
  • Provide guidance, direction and/or support to internal stakeholders on holistically addressing CMMC or NIST 800-171 security controls 

Remediation Support (CMMC or NIST 800-171)

  • Provide support in addressing specific security controls or practices
  • Develop/update policy documents
  • Define, update, and document practices required to demonstrate adherence to policies

Virtual Chief Information Security Officer (vISO/vCISO)

  • Provide a dedicated part-time executive cybersecurity resource (with support of additional team members as needed)
  • Plan, implement, and sustain a cybersecurity program to enhance security posture
  • Provide specialized guidance to meet compliance mandates such as CMMC or NIST 800-171

Policy & Procedures Development & Updates

  • Review existing policies; cross-walk/map them to CMMC or NIST 800-171 requirements; and provide recommendations.
  • Provide compliant policy templates and customize to fit organization needs.
  • Review existing procedures; cross-walk/map them to established policies; and provide recommendations to address coverage gaps.

CMMC Pre-Assessment Readiness Review

  • Work with stakeholders to identify, review and catalog objective evidence (artifacts demonstrating compliance) required for formal CMMC assessment (provided by a CMMC Assessor Organization (C3PAO))

Change Impact Pre-Assessment

  • Review proposed infrastructure or other changes (e.g. cloud provider migration) to determine impact on organization system boundary (all systems or a subset of systems) and address issues that may impact existing CMMC Maturity Level certification.
  • Work with stakeholders to identify, review and update objective evidence (artifacts demonstrating compliance) required for formal CMMC re-assessment (provided by a CMMC Assessor Organization (C3PAO)).

Cost Allocation & Recovery Strategies

  • Provide recommendations and best practices for establishing cost centers, accumulating CMMC costs, and maximizing cost recovery within indirect rate structure.  

Related Industries

Helping businesses across industry sectors address cybersecurity maturity expectations.