Download the Prep Project Brochure to Learn More
We’ve been there, done that
To become authorized as a C3PAO, Kieri Solutions needed to pass our own CMMC Level 2 assessment by the DoD. But we were a small company without extra money. So we created a compliance program for ourselves that was as efficient and easy as possible. Policies and procedures where they were needed, but only where needed. We analyzed every requirement to figure out not just how to do it, but how to prove we were doing it. And we passed our assessment with flying colors.
After Mr. Ellis went on stage, we got a flurry of messages: “Was he talking about Kieri Solutions????” We can’t say for sure that John Ellis was talking about us, but the timing was right and we were a five person company when his team assessed us.
Anyways…!
We started helping clients with CMMC compliance
Over the last five years since the CMMC program was announced, companies of all sizes have worked with Kieri Solutions for assistance with CMMC preparation. We noticed that one thing was consistent – every defense contractor that we talked to had serious problems with their documentation and manual processes for compliance. For some reason, IT people tend to focus on the technical migrations for years and ignore documentation as long as possible. (Something about sysadmins hating documentation.) The irony is that documentation and good processes that include evidence capture (like having a user onboarding form and an account management database) is the fastest way to raise CMMC compliance scores – typically more than 100 points.
When we started consulting on CMMC, our CMMC consultants were constantly poaching from Kieri Solution’s internal documentation to share with clients. We were constantly screen sharing from our environment to show examples of how we performed required maintenance, audit log reviews, user onboarding, and configuration management. It became obvious that the best way we could help the DIB was to make our CMMC compliance program available to the public.
In late 2022, we published our program for performing CMMC compliance as the Kieri Compliance Documentation (KCD). Since then, we’ve added tons of instructions, training videos, and examples for the program, making it the best resource for non-CMMC companies to take control of their compliance.
CMMC Preparation Project
Some clients wanted more help than just the KCD – they asked Kieri to work with them to become assessment-ready.
In response to demand, we started offering a combination of services we call a CMMC Prep Project. This project is intended to get your IT department compliant with all documentation and people / process requirements in CMMC. You’re still on the hook for migrating and configuring your technical systems, but we will help you with the rest.
What is included with the CMMC Prep Project?
Kieri Compliance Documentation – access to our compliance templates, our training library, and monthly Q&A and newsletters.
✚
Consulting to prepare your documentation and processes – one of our certified assessors, with experience doing real 800-171 Joint Surveillance Assessments, works with your company to create version 1.0s of all needed compliance documents and procedures. Data flow diagrams. Policies. FIPS documentation. System Security Plan. IT databases. User agreements. Risk assessment. Change Approval Board meeting notes, and more. As our assessor is working with you to review and update this documentation, they provide training to your team about CMMC requirements and recommendations for meeting them. If we see you doing something wrong, we will let you know immediately, and help you create a plan to fix it. If you already have compliance documentation, we will work with you to decide whether to update it in place or to start fresh.
✚
Gap analysis – our certified assessor will perform an efficient assessment of your readiness after the easy stuff (documentation) is fixed. You’ll get to experience how a C3PAO performs assessment planning, scoping, and evidence review process so that your team gets an understanding of what a real assessment will be like. Because we are an Authorized C3PAO, performing real assessments, all of our assessors have an excellent understanding of what can pass and what won’t. The Gap Analysis is more efficient because we have a reduced team size to perform the assessment – one assessor rather than three. This reduces the cost dramatically while still finding issues before your formal assessment. Because we perform the Gap Analysis last, after working to fix processes and documentation, most of the problems will be resolved before we even start.
A CMMC Prep Project normally takes 6 months to complete. Our typical Prep Project client sees their SPRS score increase by 100+ points.
If this sounds good to you, please contact us to schedule a call and a quote!
If you are sick of fighting with your existing network, check out our Kieri Reference Architecture. Our optional KRA Turnkey Build service is like a CMMC Prep Project but we help you build a functional, compliant network too. Designed to be assessment ready in just 4-6 months.
Need a team on the inside?
We also offer part-time and full-time consultant teams if you need inside assistance running your CMMC program until you’re through the assessment (or beyond). We have experts at getting executive buy-in, building enterprise CUI management programs, ongoing monitoring, and ensuring that siloed teams take ownership of their compliance responsibilities.
Is Kieri the right fit for your CMMC needs?
Contact us – we will be glad to set up a call to discuss your needs.