CMMC Compliance in Augusta, GA

Yes. Petronella Technology Group consults on CMMC Level 1, Level 2, and Level 3 readiness for Augusta cyber-operations subcontractors that flow into U.S. Army Cyber Command programs, the Army Cyber Center of Excellence training enterprise, and the broader Fort Eisenhower contractor base. The unclassified CMMC obligation we address is one element of the trust posture a sub maintains; separate Intelligence Community contracting requirements, classified-facility clearances, and program-specific protection plans run alongside it under their own authorities.

Yes. Level 3 adds 24 enhanced practices from NIST SP 800-172 on top of the 110 Level 2 controls. The enhanced practices target advanced persistent threat resilience: organization-wide threat hunting, supply-chain risk management, penetration-resistant architecture, and advanced cyber-resiliency operations. Few RPOs offer credible Level 3 advisory. Petronella Technology Group does, and the Level 3 engagement is shaped around your specific program-protection-plan requirements. For Augusta cyber-operations contractors supporting ARCYBER-adjacent programs, Level 3 advisory is increasingly the right starting conversation.

Fort Gordon was officially redesignated Fort Eisenhower in October 2023. Past performance and historical SSP references to Fort Gordon remain valid for the period they describe. Current SSP, POA&M, and capability-statement language should use the current installation name (Fort Eisenhower). Your existing program offices, badges, and contract numbers are unchanged - only the installation name was updated. We handle the documentation refresh as part of any current Augusta CMMC engagement.

NSA Georgia is a National Security Agency cryptologic center co-located on Fort Eisenhower. Contractors supporting NSAG operate under multiple layered obligations: CMMC for the unclassified contract side, DFARS 252.204-7012 protection of Covered Defense Information, and additional Intelligence Community contracting and security requirements that run alongside CMMC under separate authority. Petronella Technology Group's scope is the CMMC element. The IC-specific overlays are coordinated with your contracting officer representative and your facility security officer, not with us, but the CMMC infrastructure we build aligns with the substrate those overlays sit on top of.

Cyber capabilities can be defense articles or defense services under the U.S. Munitions List, or dual-use items under the Commerce Control List, depending on classification. Petronella Technology Group does not act as export-control counsel - that role belongs to your trade compliance team or external counsel. Our role is to design the CUI boundary so the same controls that satisfy CMMC also support an ITAR-compliant technology-data handling posture: U.S. persons access controls, segregated environments, foreign-national access blocks where required, and the audit trail to prove all of it. We coordinate with your trade compliance lead during the boundary scoping workshop.

From $7,500 to $15,000 for the gap assessment, from $35,000 to $180,000 for remediation depending on workforce size and the depth of technical work, and from $12,500 to $25,000 for a mock C3PAO assessment. Every Augusta engagement is custom-scoped after the free initial readiness call. There are no fixed catalog prices because no two CUI environments look the same - particularly when cyber-operations workloads are involved. Level 3 advisory engagements run at the higher end of these ranges because the 24 NIST SP 800-172 enhanced practices add substantial scope.

Both. Petronella Technology Group runs a hybrid engagement model. Documentation, SSP authoring, technical remediation, and evidence collection happen remotely from our Raleigh, North Carolina headquarters. CUI boundary walks, physical-security inspections, SCIF-adjacent CUI handling reviews, workforce training, tabletop exercises, and mock C3PAO audits happen onsite in Augusta. The drive from Raleigh to Augusta is approximately 5 hours, and the travel cadence is included in every fixed-fee statement of work.

Yes. Petronella Technology Group is a Cyber AB Registered Provider Organization, RPO #1449, verified on the public Cyber AB marketplace at cyberab.org. Every consultant on the team holds the CMMC Registered Practitioner (CMMC-RP) credential. Founder Craig Petronella holds CMMC-RP, CCNA, CWNE, Digital Forensics Examiner #604180, and is MIT-Certified in Artificial Intelligence and Blockchain. The senior team (Blake Rea, Justin Summers, Jonathan Wood) also holds CMMC-RP. Petronella Technology Group has been BBB A+ accredited since 2003 and was founded in 2002.

Most Augusta subs without an existing 800-171 program need 12 to 18 months from gap assessment to a clean C3PAO Level 2 assessment. Contractors who already operate a mature ITAR or NIST CSF program can compress that to 6 to 9 months. The most common cause of delay is CUI boundary disputes inside the company itself - identifying who actually touches CUI is harder than it sounds when cyber-operations work is in scope.

Yes. The Aiken, South Carolina area is part of our Augusta delivery footprint, and we serve firms whose contract mix spans DoD CUI handling under CMMC and adjacent Department of Energy work tied to the Savannah River Site. The CMMC controls and the DOE-side requirements are distinct, but they share substrate (NIST-based control families, identity controls, physical security, configuration management), and a single coherent program can satisfy both without duplicate effort. The Aiken side of the engagement runs under the same fixed-fee structure as the Augusta side.

Yes. Every Augusta engagement includes calculation of your Supplier Performance Risk System score against the 110 NIST 800-171 practices, using the DoD published scoring rubric. We coach your designated official through the SPRS submission and provide the underlying evidence package that supports each scored control. The SPRS score is part of the body of evidence a C3PAO will look at during the formal assessment.

No. Petronella Technology Group is a Registered Provider Organization, not a C3PAO (Certified Third Party Assessor Organization). We build the body of evidence and run the mock assessment. The formal Level 2 or Level 3 assessment is performed by an accredited C3PAO whose independence from the consulting team is what gives the certification credibility. We refer you to a C3PAO when the engagement is ready for formal assessment. That independence is structural to the CMMC ecosystem and we treat it carefully.