720-891-1663
CYBERCECURITY
DoD Contractors and Subcontractors
CMMC Levels 1-5
Compliance Requirements and Sensitive Data
  • Cybersecurity Compliance: NIST 800-171, CMMC. Any applicable state or national cybersecurity regulations (typically based on customer location). Any applicable PCI requirements.
  • Privacy Compliance: Any applicable state or national privacy regulations based on customer location - includes CCPA.
  • Data: Sensitive national security data. Client personal and business data. Company business, employee, and personal data.

Our 800-171 experience has proven that it is impossible to fully comply with the CMMC without a comprehensive, pre-engineered (turnkey) cybersecurity program and the support of an experienced partner using a detailed roadmap. We have developed the only such turnkey program in the country.

Our programs will save you money because:
  1. You get more value for each dollar spent. You leverage our decades of experience and our previously developed centralized online system, content, and processes. Using our system makes program deployment and system security mitigation far easier, faster and less expensive.
  2. Our program saves YOU time. Our pre-built mitigation processes and procedures translate into time efficiencies and fewer mistakes for you.
  3. Our program saves US time (and you money). With our skilled guidance and support, those same systems are designed so your team can actively engage in the process and execute the program.
  4. The cost you will pay your certifier will be less. Our system gets you prepared for certification faster with less wasted time because everything is mapped directly to whatever standard you are trying to meet. The certifier will therefore be able to complete their tasks more quickly, saving both time and money in the certification process.
DoD-CMMC Program Information

Our DoD-CMMC program is designed for all DoD contractors and subcontractors who must comply with 800-171 and (very soon) the Cybersecurity Maturity Model Certification (CMMC) requirements.

This program is custom designed to help companies who will ultimately have to get certified at one of the CMMC levels 1-5. Complying with 800-171 will get you close to CMMC level 3 which includes the majority of small to medium businesses. For DoD contractors, the use of our RecommendationWizard will not get you an accurate price for a CMMC level 1-5 program. Please give us a call and we can ask a few more questions, determine your required CMMC level, and then provide you with an accurate estimate.

The entire DoD-CMMC program is directly mapped to the CMMC requirements and the 17 CMMC security domains (see below). If you use our turnkey program, when it's time to seek actual CMMC certification, you can be assured that you will be ready. We have years of cybersecurity certification experience that you will benefit from and our DoD-CMMC program covers everything you need to build a program. That's why it's called "turnkey."

All cybersecurity programs depend on effective governance strategy and tools. CMMC specifically calls out governance requirements for Level 2 and above in the specification. We provide tools and processes designed to help you govern and document your cybersecurity and privacy programs in accordance with 800-171, the new CMMC requirements and any other associated regulations. The process starts with a CMMC compliant set of cybersecurity policies and procedures and the processes required to deploy these policies across your company. Then, as you implement those policies and the other aspects of the program, everything your team does is thoroughly documented and managed in our proprietary, shared, secured Google Drive environment. And you don't do the work alone. The price you pay includes our direct support from a dedicated Chief Information Security Officer (CISO), a Technical Engineer, and a Customer Success Manager who support your efforts and provide monthly program status reports for your management.

Since our name will be associated with your certification preparation process, we make sure it is done right so no one is embarrassed and no money is wasted.

Please see below for a description of our DoD-CMMC Program components listed by CMMC security domain.

DoD-CMMC Program Components

Our program identifies weaknesses in your system with regard to system access requirements, controlling internal access, and limiting data access to authorized users and processes. Based upon your actual risk assessment results, we detail exact mitigation steps required to bring you into full compliance with the CMMC.

You cannot protect it unless you know what needs protecting and where it is. Most DoD contractors are responsible for protecting Controlled Unclassified Information (CUI). We teach you what this is and how to identify and label it. We provide step-by-step instructions that help you get it done according to CMMC requirements.

Audit and accountability is about putting systems in place that continuously monitor your IT infrastructure and report back to you when they see problems. We help you define your audit requirements, choose and manage the correct system, protect audit data, and correctly respond to alerts.

Security awareness training is critical. We supply you with a wide range of professional training materials, including on-demand videos and webinars covering many subjects including phishing, ransomware, insider threats and more. If you must meet CMMC Level 2 or higher requirements, we provide you with the best phishing simulator available as part of your training program. You also get access to Mitch's nationally recognized blog and weekly newsletter to keep your staff informed on breaking cybersecurity news.

No matter what size your company is, the IT infrastructure must be professionally hardened and protected against attack. We help you inventory your assets, then go through a process of methodically and carefully configuring those assets so they are much more difficult to compromise, including the right kind of encryption for your environment. Additionally, we make sure you identify your critical data and back it up in a professional and correct manner. This hardening process is monitored and supported by one of our technical engineers.

We help you set up the systems required to make sure only approved people are allowed to see your data. You'll gain and maintain control of passwords, encryption, and multi-factor authentication processes and procedures.

If you have an incident or a breach, you must know what to do--IMMEDIATELY. There can be no response delay while you try to figure things out. The DFARS requires that you notify the Pentagon within 72 hours of a breach. We help you set up and test your incident response program designed to detect and report events. If an event occurs, you log into our shared Google Drive and follow the response steps as directed and practiced by your team.

All IT infrastructure hardware and software must be inventoried, updated and maintained at all times. The people who maintain these systems and who have access to those systems and that data must also be controlled. It is likely that, at some time, people without approved access to CUI will need access to systems, copiers and other equipment. We provide detailed steps for organizing and driving this effort.

The CMMC requires your company to protect CUI data no matter what kind of media it resides on within your IT infrastructure. We help you physically control and securely store all system data that includes CUI - whether it is stored on paper or digitally.

We provide you with CMMC compliant policies, procedures, and processes to on-board, train, and off-board personnel in a manner that reduces risk and exposure.  This includes processes for protecting CUI at alternative work locations such as work from home.

A foundational piece of any cybersecurity program is physical security.  Our program helps you control physical access to your facilities, IT infrastructure equipment, and physical access devices in full compliance with CMMC requirements.

The key to any IT disaster recovery program is complete and reliable backups of your data. This requires careful planning and execution to make sure your backups are available when needed the most, and also that they can be recovered in a time-effective and cost-effective manner.

Cybersecurity is a business risk. CMMC requires that you actively test for, manage and remediate all aspects of organizational risk. Our CMMC program supports you in this process.

You can't fix it unless you know what is broken. We work with your team directly to perform the required network and/or application assessments. Additionally, we will perform automated and other testing of your IT infrastructure as required. When the risk assessment is completed, we provide you with a written report (SSP - System Security Plan) including prioritized recommendations for fixing problems and risks (Plan of Action - PoAM) and other reports.

As per CMMC requirements, we'll help you set up systems that keep you and your decision-makers and other responsible parties informed on the ever-changing threat environment.

CMMC requires you to think holistically about and better understand the boundaries of your IT and communication systems. With this knowledge, we can help you better engineer your environment so as to reduce exposure and attack vectors.

System and information integrity is maintained by the performance of scans of the systems and in-bound and out-bound email and other communications. It also requires an aggressive patching program for all devices, including mobile, in a timely fashion. Our program helps you integrate and document these on-going activities into your overall CMMC compliant cybersecurity program.

NOTE 1: Program and Technical Support. The low price you pay for the DoD-CMMC Program includes a pre-defined number of technical and program support hours that may be used any time and which do not expire. This support is a critical factor in the success of your program. Feel free to contact us for more detail about this. Additional hours are optional and available for an additional charge.

NOTE 2: Businesses that do not protect their assets within a professional security environment are unintentionally decreasing the value of their companies. Cybersecurity is now a critical component of business valuations. See our cover story article in the NACVA publication. See our article on page 6. If such businesses also have to comply with DoD contract requirements, they are likely in breach of their government contracts as well.

NOTE 3: Program Security. While the security of TCPS has always been fully aligned with the NIST frameworks, we are currently using this same DoD-CMMC program to make our IT infrastructure fully compliant with the CMMC. We intend to be one of the first companies to be certified under the CMMC program. For much more information on this subject, please see How We Protect Your Data.