CMMC Assessment & Compliance Services.

Will you be able to bid or sub on DoD contracts? 

Are you really DFARS 252.204.7012/CMMC 2.0 compliant?

All DoD contracts require CMMC Level 1 compliance now in order to handle Federal Contract Information (FCI) data!  

Many DoD contracts may require you to handle Controlled Unclassified Information (CUI) data and therefore require you to be CMMC 2.0 Level 2 compliant.

Do you have a remediation roadmap to get you to the proper level of CMMC compliance?

 The Clock is Ticking. Will you be able to keep your existing DoD contracts or be able to bid or sub on New DoD contracts? 

DoD leadership is profoundly concerned about contractor cybersecurity and protecting DoD supply chains from cyber-attack is a top priority.

DoD stated that traditional measures of contractor performance cost, schedule and quality are insufficient to measure contractor cyber security.  Limited adoption of NIST 800-171 self-certification standards prompted the DoD to seek third-party auditor verification that contractors adopt and maintain an appropriate level of cyber security.

By developing an auditable process, the Cybersecurity Maturity Model Certification (CMMC), DoD mandates measurable standards for third-party verified cyber security for all contractors.

CMMC 2.0 Assessment & Compliance Support Services:

A leader in CMMC compliance support, LP3 offers a fixed price CMMC 2.0 assessments which include a required System Security Plan (SSP), Plan of Action & Milestone (POA&M), and SPRS support and Score to get your company to CMMC compliance in time to continue to receive DoD contract awards.

Services include all documents required for DFARS/NIST 800-171 Compliance Now!

• System Security Plans (SSP)
• Plan of Action & Milestone (POA&M): Report on gaps and remediation information
• Supplier Performance Risk System (SPRS): Registration Support & Associated Compliance Score
• Draft policies cross-referenced to associated CMMC practices
• CMMC 2.0 Remediation Roadmap customized to achieve CMMC Level 1 or Level 2 compliance over the next 2 to 6 months

Additional Compliance Support Services

In order to maintain your current compliance status, there are several  CMMC/NIST 800-171 practices/controls that need to be maintained on a periodic basis.  The following cost-effective services have been developed by LP3 specifically for small and medium businesses to meet these requirements:

• External Penetration and Internal Penetration Testing
• Internal Credentialed Vulnerability Scanning
• Staff Security Awareness Assessment/Training (Including Phishing, Vishing, testing)
• Virtual CISO (V-CISO) consulting services

List of CMMC/NIST 800-171 Practices/Controls References Supported by LP3 Services:

Security Assessment (CA) Practices

• Periodically assess controls in organizational systems to determine if the controls are effective. (ID: CA.L2-3.12.1)
• Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems.  (ID: CA.L2-3.12.2)
• Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. (ID: CA.L2-3.12.3)
• Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems. (ID: CA.L2-3.12.4)

System & Information Integrity (SI) Practices

• Perform periodic scans of organizational system and real-time scans of files from external sources as files are downloaded, opened, or executed. (ID: SI.L1-3.14.5)

Audit & Accountability (AU) Practices

• Provide audit reduction and report generation to support on-demand analysis and reporting Services (ID: AU.L2-3.3.6)

Awareness & Training (AT) Practices

• Provide security awareness training on recognizing and reporting potential indicators of insider threat. (ID: AT.L2-3.2.3)

Contact LP3. We will be glad to help you make an informed decision on cyber security for your organization.