CMMC Assessment Project Management Program

$67,500.00

  1. Organizational Overview

COMPANY has extensive experience working in the Department of Defense (DoD) sector and with other government agencies, which has resulted in a unique understanding of government standards, criteria, and various project delivery methods. Because of this work, the company processes, stores, and transmits Controlled Unclassified Information (CUI), and is therefore required to implement the NIST 800-171 controls and establish a CMMC Compliance Program, with the goal of certifying at CMMC Level 2.

Faced with the challenge of implementing and maintaining a cybersecurity compliance program with a baseline of 110 controls and 320 assessment objectives, the company is seeking assistance and guidance to meet its compliance and security goals. While the IT Director wishes to establish a robust Cybersecurity Compliance Program, CMMC is the priority.

Typically, a Compliance Program takes approximately 12-18 months to establish. This includes technical remediation, documentation, business process change, and cultural change. The company wishes to compress this timeline into a more aggressive schedule, which requires a higher level of effort and dedication. The costs associated with this heavier level of effort are included in this proposal. To that end, this proposal covers CMMC compliance assistance for COMPANY over a 9-month period.

This proposal covers services for:

  • CMMC Level 2 Readiness Assessment
  • Plan of Action with Milestones Guidance to Completion
  • Coordination and Consulting to bring into Compliance
  • Perpetual license for the CMMC IT Documentation Toolkit with updates for length of the engagement
  • Assistance with IT Documentation required for Compliance: Policies, Plans, and Procedures
  • Customization and adoption of the documentation requirements
  • Compliance program management and guidance
  • External Service Provider and internal Stakeholder briefings and alignment with compliance

  2. CMMC Compliance Program Management

Services provided through Achieva Tech’s CMMC Compliance Program Management Services will include:

Product or Service: CMMC Level 2 Readiness Assessment
Description: Included in Program Onboard is a formal assessment with compliance alignment to NIST 800-171 controls and CMMC Level 2, with Report of Findings and POAM (a $25,000 value).
CMMC | NIST Area: A validated, detailed self-assessment that will be the basis for the alignment to standards and creates a detailed, complete POAM.

Product or Service: CMMC IT Documentation Toolkit Compliance Program
Description: The Toolkit is a how-to guide for implementing and maintaining a CMMC Compliance Program. It also includes the required Policies, Plans, and Procedures for CMMC compliance at Levels 1-2 (a $6,750 value).
CMMC | NIST Area: Addresses the written documentation for Maturity Levels 1-2. Provides a framework for the compliance program.

Product or Service: Documentation Customization
Description: Customize IT documentation and update it as requirements change or the business grows. Guidance for creation of internal process documentation and trainings.
CMMC | NIST Area: Addresses the written documentation for Maturity Levels 1-2.

Product or Service: Documentation Review
Description: Review of existing organization documentation of the covered information systems, facility, and people/processes.
CMMC | NIST Area: Documentation of people, processes, technology, and facility is required for CMMC compliance. Some existing documentation may be able to be used or modified for compliance.

Product or Service: Weekly Program Onboard Meetings
Description: Stakeholders meet weekly to onboard the program until the first Risk Management Meeting.
CMMC | NIST Area: Continuous compliance management is required; as such, a strong onboard is essential.

Product or Service: POAM Management
Description: Continued management of POAM items to initially close all items out, then to continue to add and close items as systems change.
CMMC | NIST Area: A managed POAM with completion dates for all items is a requirement of CMMC.

Product or Service: External Service Provider Readiness
Description: Coordinate with external service providers (ESPs) in scope for the CMMC assessment to assure their readiness for Level 2 compliance, including Shared Responsibility Matrices and documentation for their scope.
CMMC | NIST Area: ESPs in scope will be part of the organization’s CMMC assessment and must also be assessment ready.

Product or Service: System Security Plan Review and Modification Guidance
Description: Review and update the System Security Plan (SSP) where it is out of alignment with the current configurations or practices, or where it needs to be more descriptive of the story of how the controls were implemented.
CMMC | NIST Area: The SSP is the most important and vital document in the CMMC Program.

Product or Service: Initial and Quarterly Risk Assessments
Description: Quarterly Risk Assessments are completed as per the Risk Management Plan and assure continued compliance.
CMMC | NIST Area: Risk assessments are required for compliance.

Product or Service: Yearly Security Assessment Direction and Analysis
Description: Direct and analyze results of Yearly Security Assessments. These assessments are completed to assure satisfactory implementation of the controls, and to identify security concerns and gaps to close for resiliency and continuity.
CMMC | NIST Area: Security assessments are required for compliance.

Product or Service: Quarterly Risk Management Meetings
Description: Establish a cadence of accountability and check-ins for continuous compliance. Facilitate regular Risk Management Meetings for continued compliance and POAM completion. The Risk Management Team meets quarterly to review the findings of Security Assessments, Risk Assessments, Vulnerability Assessments, and regular compliance checks, and to review the required documents and processes to maintain compliance.
CMMC | NIST Area: The Risk Management Meeting and its processes are the mechanism for governance of your CMMC Compliance Program.

Product or Service: Stakeholder Briefings
Description: Meet with identified stakeholders so they understand their role in CMMC compliance, and assure they are following their documented processes for compliance.
CMMC | NIST Area: Assessors will interview key stakeholders and process owners during the assessment process.

Product or Service: Certification Assessment Support
Description: We won’t leave you hanging during assessment! We’ll provide the preparatory technical and documentation work, the coaching for company team members who are involved in the certification process, as well as guidance with closure of any POAM items from the certification assessment.
CMMC | NIST Area: The goal of the CMMC Compliance Program is to achieve compliance and a certification every three years.
