Skip to content
Kieri Solutions authorized C3PAO badge

CMMC Level 2

Kieri Solutions offers the following assessment services

ASSESSMENT FOR CERTIFICATION — If you are ready, we can sponsor your company for a DIBCAC High Joint Surveillance Voluntary Assessment now, or we can schedule you to be one of the first true CMMC Level 2 assessments in 2025.

GAP ANALYSIS – Want an accurate but cost-effective check on your CMMC compliance status?  We use Certified CMMC Lead Assessors to perform all of our Gap Analyses.  320 assessment objectives with real C3PAO assessment plan, detailed findings, and final report.  Includes CMMC scoping review, evaluation of your cloud vendors, and review of your CUI data flows.  Don’t wait until your contracts are on the line to find out that you aren’t CMMC compliant!

ASSESSMENT FOR LETTER OF ATTESTATION – Kieri Solutions, using our authority as an authorized C3PAO, can perform an assessment of your compliance with NIST SP 800-171. In addition to the assessment report and detailed findings, we will issue a Letter of Attestation which can be shared with your clients.  This offering is also ideal for companies that want a “Mock” CMMC assessment before they sign up for a certification assessment.

Ready for a quote?

Kieri Solutions’ CMMC Assessors are certified and recognized by the Cyber-AB and Department of Defense.

 

High quality, no surprises

 

ServiceFeatureKieri Solutions
All assessmentsAuthorized C3PAO. CMMC Assessments are what we do. We’ve had to prove our expertise.
All assessmentsFixed price quotes – no price uncertainty. Includes travel costs for assessors.
All assessmentsNew assessment clients are provided detailed FAQs about what to expect and how to prepare for assessment. Customer friendly process.
All assessmentsTerms and conditions are clearly written.  No gotchas.
All assessmentsWe are happy to discuss how we understand DoD requirements like FedRAMP or Specialized Assets before you sign for assessment
All assessmentsAssessment planning and scoping included
All assessmentsEasy to use secure file share for uploading evidence and downloading assessment docs
All assessmentsAssessors are 100% CMMC oriented.  (Unfortunately, many C3PAOs are still using CMMI-oriented assessors for CMMC.  This often results in excessive scrutiny of documentation rather than a technical assessment.)
All assessmentsParticipates in C3PAO Stakeholder Forum for consistency of interpretation among assessors.
Formal assessmentOption to cancel or postpone assessment if readiness review shows obvious deficiencies
Formal assessmentEvidence plan identifies which systems will be reviewed for each assessment objective
Formal assessmentEvidence plan identifies expected evidence for each assessment objective
Formal assessmentQuality review of assessment plan (including scoping and evidence expectations per system)
Formal assessmentIncludes 4 hours of remediation (POA&M) assessment for free  (this gives time to re-assess several practices to improve your score)
Formal assessmentAssistance writing your Joint Surveillance request so that it is obvious how important your company is to the DoD
Formal assessmentFirst-in-first-out guarantee for CMMC assessment if not chosen for Joint Surveillance
Formal assessmentLetter of Attestation (shareable with partners and government) provided for passing all formal assessments (in addition to applicable CMMC certificate, SPRS score, etc.)
Gap AnalysisGap Analysis performed by our Certified CMMC Assessors – the same ones leading formal assessments (so they know what will pass or not)
Gap AnalysisGap Analysis includes scoping assistance and contract data flow review. We are flexible to meet you where you are.
Gap AnalysisOur standard Gap Analysis projects include feedback on how to fix your problems, both while each topic is being discussed, as well as in the final report.
Mock assessmentMock assessments performed with same process as formal assessments. Educates your internal team on how to be assessed and the level of evidence required for the real thing.
Mock assessmentMock assessments are performed with a full assessment team and the same rigor as formal assessments. If you want to know -for-sure what your status is, get a Mock assessment.

What is it like to be assessed by Kieri Solutions?

We’ve completed several successful (eligible for CMMC certificate) Joint Surveillance Assessments so far. Our clients say that Kieri assessment teams are well organized, professional, easy to work with, reasonable, and compassionate.  

 

FAQs

If we miss a requirement, will Kieri Solutions provide enough detail to know what is wrong? Yes! Every assessment and Gap Analysis we do has a detailed findings report about the evidence that was reviewed for each assessment objective, and whether it met the requirement or not. If a requirement isn’t met, we describe why, which system is involved, and pinpoint exactly what part of the assessment objective wasn’t performed. We will also do our best to explain how we interpret the requirement if there appears to be a misunderstanding. If all else fails, we can point you toward some smart consultants in the CMMC ecosystem who should be able to help.

What is the pass rate for Kieri Solution’s clients?  We are glad to report that as of May 2024, all of our Joint Surveillance Voluntary Assessments (JSVA) will convert into full CMMC Certifications (this means they got perfect 110 scores or closed out all problems during their remediation assessment).  This is a testament to our customer-friendly processes – we ensure your planned scope has no major problems and review your implementation at a high-level before we schedule you for the assessment.  We also provide our customers full information about what to expect and how to prepare very early in the process.  If a problem is found, we can recommend knowledgeable experts to help you fix it.  We include a short remediation assessment for free with every formal assessment. 

What type of companies or system environments does Kieri Solutions specialize in? Our assessors are more technical than average, so we do well in high-tech and distributed environments. Most of our assessment clients utilize cloud services such as Office 365 or AWS. But we have a pool of over 20 assessors, each with experience in different areas: large enterprise, shipyards, Linux, higher education, virtual desktops, software development, manufacturing, zero trust, laboratories, etc., so we can handle almost anything you might want to throw at us.

When should we reach out to Kieri Solutions for an assessment? If you are seeking a formal assessment, we recommend waiting until you are fully ready to pass an assessment before asking for a quote. If you are looking for a Gap Analysis or Mock assessment, then it is totally fine if you aren’t ready – though you will get better information about your solutions and readiness the closer you are to fully compliant.

What happens if we sign up for Joint Surveillance but the DoD doesn’t choose us? Kieri Solutions will do your CMMC Level 2 assessment as soon as we are allowed to, in the order that each of our clients signed up.

If we miss a requirement during a formal assessment, what happens? In most cases, our clients are able to fix problems almost immediately and we schedule a POA&M re-assessment within a few days. Assuming that the problems are fixed, we will issue an assessment report that shows your final score and results, provide a letter of attestation, and if applicable: provide CMMC certification. If the re-assessment will be extensive (more than 4 hours), we will provide a quote for the re-assessment based on the time we expect it to take.

How hard is it to get a quote? Once you contact us, we will send you a questionnaire which asks questions about your readiness and the complexity of your environment. We will set up a call with our sales team to help fill out the questionnaire and answer any questions you have. After we understand how complex your information system is, we will send you a firm fixed-price quote.

How will Kieri Solutions assess _________? We are glad to discuss precedent from previous 800-171 and CMMC assessments and how we interpret gray areas. Overall, you should find us to be very reasonable. We’ve been advocating for common sense assessments and scoping since the early days of CMMC. Reach out and we will be glad to have a call to discuss.

Will there be enough assessors available to meet demand when CMMC goes live?  We’re not sure.  It doesn’t sound likely.  We have multiple teams of Certified CMMC Assessors available and are growing to meet demand.  If you sign up for an assessment with us, we will guarantee your schedule once CMMC goes live. 

 


 

More about Gap Analysis

Kieri Solutions is a leader in performing formal assessments which will turn into CMMC certifications under the Joint Surveillance Voluntary Assessment program. Because our certified assessors are performing real assessments, we have the best knowledge of what it takes to pass. Don’t waste your time getting a Gap Analysis from an untrained “professional”.

Our standard Gap Analysis is +consulting, where we tell you how to fix your problems.  If you’d like to use Kieri Solutions to perform your formal assessment later, let us know and we will only tell you our findings, not how to fix them.  This preserves our independence for the certification assessment. 

Practice with the varsity team so that you are prepared for game day.

 


 

More about Joint Surveillance

Would you like more information or a quote?

 

 
 
*These statements are based upon the text of the CMMC Proposed Rule(32CFR), which is not finalized yet.  It is extremely unlikely this portion of the rule will change, however.