CMMC Advisory Services

Address cybersecurity maturity expectations

At Aronson, we believe that it is impossible to have a secure and compliant IT environment without buy-in and engagement from the entire organization. We apply our extensive experience to assist your organization with developing a culture of security awareness that drives and enables cybersecurity maturity.  

Our Services

Aronson LLC is a Registered Provider Organization (RPO) with the CMMC-AB, the accreditation body responsible for managing the CMMC program. Our team of CMMC-AB Registered Practitioners (RP) is ready to assist government contractors with preparing for a CMMC assessment and/or meeting the existing requirements of NIST 800-171.  

Our Solutions

We partner with government contractors (and their IT/cybersecurity vendors) to enable you to achieve the maturity required to successfully demonstrate CMMC compliance and obtain certification. We assist organizations with meeting certification requirements for NIST 800-171 as well as CMMC Maturity Level 1 (Basic Cyber Hygiene), 2 (Intermediate Cyber Hygiene), or 3 (Good Cyber Hygiene).

As a trusted business advisor and partner to related stakeholders such as technology startups/businesses, Aronson is ideally positioned to advise government contractors on their cybersecurity maturity journey. We have the technical expertise to assist you in the focus areas below.

Do you need a solution not listed below? We’d be happy to work with you to develop a unique solution to fit your needs. Contact our team directly using the contact form and someone will quickly respond to you.

CMMC/NIST 800-171 Quick Pre-Assessment

  • Conduct stakeholder interviews, review existing work products (policies, procedures, practices, and artifacts), and provide a summary assessment of compliance with CMMC or NIST 800-171 security requirements  

Advisory Services (CMMC or NIST 800-171)

  • Develop strategy and roadmap to address CMMC or NIST 800-171 security requirements.  
  • Provide guidance, direction and/or support to internal stakeholders on holistically addressing CMMC or NIST 800-171 security controls 

Remediation Support (CMMC or NIST 800-171)

  • Provide support in addressing specific security controls or practices
  • Develop/update policy documents
  • Define, update, and document practices required to demonstrate adherence to policies

Virtual Chief Information Security Officer (vISO/vCISO)

  • Provide a dedicated part-time executive cybersecurity resource (with support of additional team members as needed)
  • Plan, implement, and sustain a cybersecurity program to enhance security posture
  • Provide specialized guidance to meet compliance mandates such as CMMC or NIST 800-171

Policy & Procedures Development & Updates

  • Review existing policies; cross-walk/map them to CMMC or NIST 800-171 requirements; and provide recommendations.
  • Provide compliant policy templates and customize to fit organization needs.
  • Review existing procedures; cross-walk/map them to established policies; and provide recommendations to address coverage gaps.

CMMC Pre-Assessment Readiness Review

  • Work with stakeholders to identify, review and catalog objective evidence (artifacts demonstrating compliance) required for formal CMMC assessment (provided by a CMMC Assessor Organization (C3PAO)).

Change Impact Pre-Assessment

  • Review proposed infrastructure or other changes (e.g. cloud provider migration) to determine impact on organization system boundary (all systems or a subset of systems) and address issues that may impact existing CMMC Maturity Level certification.
  • Work with stakeholders to identify, review and update objective evidence (artifacts demonstrating compliance) required for formal CMMC re-assessment (provided by a CMMC Assessor Organization (C3PAO)).

Cost Allocation & Recovery Strategies

  • Provide recommendations and best practices for establishing cost centers, accumulating CMMC costs, and maximizing cost recovery within indirect rate structure.

Blog Resource

Cybersecurity Maturity Model Certification (CMMC) and The Importance of Culture

In many of the discussions about the Cybersecurity Maturity Model Certification (CMMC), I find one... more
March 5, 2021

CMMC 2.0 – What Changed & What Should Government Contractors Do Next?

On November 4, 2021, the DOD launched CMMC 2.0 which significantly streamlined requirements for the... more
November 12, 2021

Impact of Cybersecurity Related False Claims Act Lawsuits on Government Contractors

In October 2021, the U.S. Department of Justice reported that they would “use its authorities... more
August 5, 2022

Cyber Monday Minute Round-Up

Have you checked out Aronson’s Cyber Monday Minute video series yet? In them, we address... more
July 27, 2022

SMBs are the Perfect Candidates (for Hackers to Exploit)

A report by the U.S. National Cyber Security Alliance estimated that 60% of all small to... more
May 23, 2022

Top 10 Security Controls and Practices Routinely Exploited for Initial Access to Victim Networks

A joint security advisory issued by multiple national cybersecurity authorities reveals the top 10... more
May 23, 2022

CMMC Overview: What Government Contractors Need to Know to Prepare Webinar: Q&A

Do you know what it takes to become CMMC certified? On October 28, 2021, the Director of our CMMC... more
November 2, 2021
Oct 28
On-Demand Webinar

Cybersecurity Maturity Model Certification: What Government Contractors Need to Know to Prepare

Download presentation slides. Find Q&A from the presentation here.  Do you know... more

Related Industries

Helping businesses across industry sectors address cybersecurity maturity expectations.