CMMC / DFARS NIST 800-171 Assessment Services

Get: CMMC / DFARS - NIST 800-171 Services Brochure

We are pleased to announce that the Cybersecurity Maturity Model Certification Accreditation Board (CMMC-AB) has certified LP3 as a Register Provider Organization (RPO).  LP3 is certified to provide advice, consulting, and recommendations for the Cybersecurity Maturity Model Certification to their clients.   This is just the first step LP3 is investing in to be your agnostic and trusted CMMC advisor.

* Registered in Supplier Performance Risk System (SPRS).    See  HLO CAGE:  3SYQ8

Are you really DFARS 252.204.7012/NIST 800-171 compliant now?  

Are you getting ready for CMMC?

Do you have a roadmap to transition from DFARS/NIST 800-171 to CMMC?

The Clock is Ticking. Will you be able to keep your existing DoD contracts or be able to bid or sub on New DoD contracts? 

  • All DoD contracts will require CMMC compliance and third-party certification in FY2021.
  • DoD contractors must meet CMMC standards to hold selected DoD contracts starting in Summer 2020.

DoD leadership is profoundly concerned about contractor cybersecurity and protecting DoD supply chains from cyber attack is a top priority.

DoD stated that traditional measures of contractor performance cost, schedule and quality are insufficient to measure contractor cyber security.  Limited adoption of NIST 800-171 self-certification standards prompted the DoD to seek third-party auditor verification that contractors adopt and maintain an appropriate level of cyber security.

By developing an auditable process, the Cybersecurity Maturity Model Certification (CMMC), DoD mandates measurable standards for third-party verified cyber security for all contractors.

See latest update on CMMC on our Blog page.

NIST 800-171 Compliance and CMMC Assessment Services:

A leader in NIST 800-171 compliance support, LP3 offers a fixed price NIST 800-171 assessment to include a System Security Plan, POA&M, and a roadmap plan to get your company to CMMC compliance in time to continue to receive DoD contract awards.

Services include all documents required for DFARS/NIST 800-171 Compliance Now!

  • Draft System Security Plans (SSP)
  • Plan of Action & Milestone (POA&M) Report on gaps and mitigations
  • Draft policies cross-referenced to CMMC & NIST SP 800-171 RMF Controls
  • Executive Summary and Final Report on Compliance (ROC)
  • Also includes a Draft CMMC Roadmap customized to achieve CMMC L3 compliance over the next 6 month!


Additional Compliance Support Services

In order to maintain your current compliance status, there are several  CMMC/NIST 800-171 practices/controls that need to be maintained on a periodic basis.  The following cost-effective services have been developed by LP3 specifically for small and medium businesses to meet these requirements:

List of CMMC/NIST 800-171 Practices/Controls References Supported by LP3 Services:

Security Assessment (CA) Practices

  • Periodically assess controls in organizational systems to determine if the controls are effective.   (ID: 3.12.1, CA.2.158 )
  • Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems.   (ID: 3.12.2, CA.3.159)
  • Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. (ID: 3.12.3, CA.3.161 )
  • Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems.  (ID: 3.12.4, CA.2.157)

System & Information Integrity (SI) Practices

  • Perform periodic scans of organizational system and real-time scans of files from external sources as files are downloaded, opened, or executed.  (ID: 3.14.5, SI.1.213)

Audit & Accountability (AU) Practices

  • Provide audit reduction and report generation to support on-demand analysis and reporting Services (ID: 3.3.6, AU.3.052)

Awareness & Training (AT) Practices

  • Provide security awareness training on recognizing and reporting potential indicators of insider threat.  (ID: 3.2.3, AT.3.058)

Contact LP3. We will be glad to help you make an informed decision on cyber security for your organization.

… “As a small manufacturer, it can be challenging to manage the evolving Cyber Security requirements flowed down from our DoD based Customers. LP3 has played a key role in providing CISO oversight, assessment, and guidance to implement changes to meet current DFARS NIST 800-171 compliance while preparing us for transition to CMMC. With constant pressure to keep overhead low, our relationship with LP3 has proven cost effective to achieve compliance.”


Peter ArmstrongPresident Armstrong Rapid Manufacturing