CMMC Preparation Services - KIERI SOLUTIONS

Need expert help with CMMC?

Help with CMMC, DFARS, and NIST SP 800-171

Our team’s expertise is second to none. We boast more than a dozen Certified CMMC Assessors and industry experts providing readiness assistance to defense contractors.

We design our solutions to be bulletproof so that you don’t have any surprises on assessment day. Our consulting team will give you expert advise about DFARS cybersecurity regulations, CMMC Level 2, CUI safeguarding, ITAR / Export Controlled protections, background screening, FedRAMP clouds, NIST SP 800-171, and scoping.

We’ve been there, done that

To become authorized as a C3PAO, Kieri Solutions needed to pass our own CMMC Level 2 assessment by the DoD. But we were a small company without extra money. So we created a compliance program for ourselves that was as efficient and easy as possible. Policies and procedures where they were needed, but only where needed. We analyzed every requirement to figure out not just how to do it, but how to prove we were doing it. And we passed our assessment with flying colors.

We know what it takes to pass.

It doesn’t need to be incredibly expensive. There are ways to make CMMC easier.

Take control of your CMMC compliance by working with Kieri Solutions experts.

CMMC Preparation Project

In addition to CMMC consulting and readiness to fit your specific needs, we offer a combination of services we call a CMMC Prep Project. This project is intended to get your IT department compliant with all documentation and people / process requirements in CMMC. You’re still on the hook for migrating and configuring your technical systems, but we will help you create the plan with the rest.

What is included with the CMMC Prep Project?

Kieri Compliance Documentation – access to our compliance templates, our training library, and monthly Q&A and newsletters.

✚

Consulting to prepare your documentation and processes – one of our certified assessors, with experience doing real 800-171 Joint Surveillance Assessments, works with your company to create a Plan of Action detailing technical migrations and major changes that you need to perform to get compliant. This gets you started early on two parallel tracks: technical fixes and process fixes, so that your time before CMMC enforcement is optimized.

Our CMMC expert will finalize your Data Flow Diagrams, Policies, FIPS documentation, System Security Plan, IT record-keeping, User agreements, Risk assessment, Change Approval Board meeting notes, and more. As our CMMC expert is working with you to review and update this documentation, they provide training to your team about CMMC requirements and recommendations for meeting them. If we see you doing something wrong, we will let you know immediately, and help you create a plan to fix it. If you already have compliance documentation, we will work with you to decide whether to update it in place or to start fresh.

✚

Gap analysis – our certified assessor will perform an efficient assessment of your readiness after the easy stuff (documentation) is fixed. You’ll get to experience how a C3PAO performs assessment planning, scoping, and evidence review process so that your team gets an understanding of what a real assessment will be like. Because we are an Authorized C3PAO, performing real assessments, all of our assessors have an excellent understanding of what can pass and what won’t. The Gap Analysis is more efficient because we have a reduced team size to perform the assessment – one assessor rather than three. This reduces the cost dramatically while still finding remaining issues before your formal assessment. This gives you an updated view of your compliance status as the project completes.

A CMMC Prep Project normally takes less than 6 months to complete. Our Prep Project will fix all of your compliance procedures, policies, and documentation and set your IT department up for success. We want our customers to be in control of their own compliance – we give you the training and tools to be successful long term.

If this sounds good to you, please contact us to schedule a call and a quote!

We’ve been focused on CMMC since the start

Over the last five years since the CMMC program was announced, companies of all sizes have worked with Kieri Solutions for assistance with CMMC preparation. We noticed that one thing was consistent – every defense contractor that we talked to had serious problems with their documentation and manual processes for compliance. For some reason, IT people tend to focus on the technical migrations for years and ignore documentation as long as possible. (Something about sysadmins hating documentation.)

The irony is that documentation and good processes that include evidence capture (like having a user onboarding form and an account management database) is the fastest way to raise CMMC compliance scores – typically more than 100 points over a few months.

When we started consulting on CMMC, our CMMC consultants were constantly poaching from Kieri Solution’s internal documentation to share with clients. We were constantly screen sharing from our environment to show examples of how we performed required maintenance, audit log reviews, user onboarding, and configuration management. It became obvious that the best way we could help the DIB was to make our CMMC compliance program available to the public.

In late 2022, we published our program for performing CMMC compliance as the Kieri Compliance Documentation (KCD). Since then, we’ve added tons of instructions, training videos, and examples for the program, making it a comprehensive resource for companies to take control of their compliance.

If this sounds good to you, please contact us to schedule a call and a quote!

If you are sick of fighting with your existing network, check out our Kieri Reference Architecture. Our optional KRA Turnkey Build service is like a CMMC Prep Project but we help you build a functional, compliant network too. Designed to be assessment ready in just 4-6 months.

Need a team on the inside?

We also offer part-time and full-time consultant teams if you need inside assistance running your CMMC program until you’re through the assessment (or beyond). We have experts at getting executive buy-in, building CUI management programs, ongoing monitoring, and ensuring that siloed teams take ownership of their compliance responsibilities. Our concierge services are designed for enterprise.