NIST SP 800-171 Basic Assessment
It is a self assessement on 110 cybersecurity controls related to CUI. From the assessment, a SPRS (Supplier Performance Risk System) score is computed for government reporting purpose.
CMMC is the certification of a contractor meeting a set of cybersecurity controls. For most SMB, this is specified by NIST SP 800-171.
The assessment is a necessary step to generate the SPRS (Supplier Performance Requirement System) score which is required by some of the government contracts. Contractors without or with a weak SPRS score could be rejected from award consideration.
CMMC certification is all about bringing your cybersecurity posture into verifiable compliance with NIST SP 800-171. Unfortunately it takes months even for the motivated SMB to be ready.
The DoD also issued a memo in July 2022 emphasizing to Contracting Officers the need to enforce DFARS 252.204.7012 which requires defense contractors to implement NIST SP 800-171. A contractor or subcontractor bidding on a new contract or requesting extension on existing contract is already at risk today of non compliance with NIST SP 800-171.
We will walk through the 110 control statements throgh an interview process with you. From the response we will assess the cybersecurity posture and compute a score.
A senior consultant will be spending many hours working on your assessment and making valuable recommendations. The fee is $1000 while some consultants charge many times more. Since it urgent for a SMB to know where they roughly stand, we feel the need to provide an inexpensive triage service.
Please contact us to arrange the assessment interview.