CMMC 2.0 & NIST 800-171 Compliance Packages | FedRAMP Approved
Done-With-You CMMC Compliance as a Service
Powered by ComplianceArmor.com & PetronellaTech.com
Organizations Seeking Compliance (OSCs) Get 80% CMMC Compliant in Less Than 30 Days*! CMMC maturity level, customer capabilities, customer complexities, workflow, applications, timeline and cadence vary, but less than 30 days is achievable for most small DIB companies.
This package is designed for organizations seeking compliance (OSCs) and defense industrial base (DIB) companies that need to rapidly achieve compliance with CMMC 2.0, NIST 800-171, NIST 800-171A, DFARS 252.204-7020, and NIST 800-172. We build a Secure Enclave for your Controlled Unclassified Information (CUI), providing the essential tools, policies, and security infrastructure to meet regulatory requirements FAST. Get access to our CMMC Certified Team of experts at a fraction of the cost of hiring staff. Plus get expert consulting, pen testing, tabletop exercises and training! *Third-party products such as security hardware, software and license fees are sold separately and are priced depending on the number of users, number of devices, locations and complexity of the client. Custom options, including on-premises options, are available. Call 919-601-1601 for more information!
Membership Packages & Pricing
Compare Package Features | CMMC v2.0 ML 1 | Ultra-Premium Tier | Concierge CMMC Security Add-On for clients needing CMMC Expert Compliance Consulting | VIP CMMC Concierge Security Suite - CMMC v2.0 ML 2 or 3 |
---|---|---|---|---|
Pricing | Call 919-601-1601 for latest pricing! | Call 919-601-1601 for latest pricing! | Call 919-601-1601 for latest pricing! | Call 919-601-1601 for latest pricing! |
Target Audience | SMB, DIB Companies | SMB, DIB Companies, Enterprises | SMB, DIB and Enterprises | CMMC Prime and Sub Contractors |
Key Features | Automated compliance tools, security policy framework, breach monitoring | Automated compliance tools, security policy framework, breach monitoring | Dedicated CMMC expert customized security solutions | Everything in Ultra-Premium + Up to 8 hours/month of 24/7 priority security support + Private security consulting team |
Customization Level | Software-driven, minimal human interaction | Software-driven, minimal human interaction | High-touch, human expert guidance | Ultimate hands-on security & compliance service |
What’s Included?
1. Secure Enclave Deployment (Fully Compliant), vetted and tested. All training and methodology have been proven to pass NIST and CMMC audits by DIBCAC or C3PAOs.
- Architected to meet the latest CMMC v2.0 Level 1, CMMC v2.0 Level 2 and CMMC Level 3, NIST 800-171, and NIST 800-172 standards.
- Delivered within 30 days* for rapid compliance.
- Secure cloud or on-premises options, tailored to your environment.
2. Editable Compliance Documentation (80% Complete)
- All required policies and procedures included.
- Editable, fill-in-the-blank templates to align with your operations.
- Covers access control, incident response, risk management, and more.
3. Security Awareness Training (Exceeds AT-1, AT-2, and AT-3 Requirements)
- Mandatory user training covering CMMC security best practices.
- Phishing simulation and real-world attack scenario training.
- Meets DoD AT-1, AT-2, and AT-3 compliance mandates.
4. SPRS Score Calculation
- Accurate SPRS score calculation to assess and document compliance.
- Compliance gap analysis with an actionable Plan of Action & Milestones (POA&M).
5. Annual Security Risk Assessment & Penetration Testing
- Full risk assessment to identify compliance gaps.
- Annual penetration test to uncover vulnerabilities before attackers do.
6. Endpoint Security, Remote Monitoring & Management
- Enterprise-grade endpoint security software.
- 24/7 monitoring with automated alerts and response.
- Remote patching & vulnerability management to maintain compliance.
Optional Add-Ons (Priced Separately)
- Extended Detection & Response (XDR) for advanced threat monitoring.
- 24/7 Security Operations Center (SOC) services.
- SimpleCyber.io Managed Services
- License fees for additional users & devices, calculated per company size.
Who Is This For?
- Defense contractors & suppliers needing CMMC 2.0 compliance fast.
- Companies handling Controlled Unclassified Information (CUI).
- Organizations looking for a complete compliance framework with minimal setup time.
Pricing & Next Steps
- Flat-fee pricing for rapid compliance (excludes third-party hardware, software and ongoing license fees).
- Tailored per organization size. Call 919-601-1601 or Contact Us for a quote today!
The Cybersecurity Maturity Model Certification (CMMC) program, developed by the U.S. Department of Defense (DoD), aims to enhance the cybersecurity posture of the Defense Industrial Base (DIB) by ensuring that contractors and subcontractors implement appropriate cybersecurity practices to protect sensitive unclassified information.
Key Aspects of the CMMC Program:
Tiered Model: CMMC requires companies handling sensitive unclassified DoD information to implement cybersecurity standards at progressively advanced levels, depending on the type and sensitivity of the information.
Assessment Requirements: The program includes assessments to verify DIB implementation of existing cybersecurity standards.
Implementation through Contracts: DoD contractors and subcontractors handling sensitive unclassified information must achieve a specific CMMC level as a condition of contract award.
CMMC Levels Overview:
Level 1: Basic Safeguarding of Federal Contract Information (FCI): Requires an annual self-assessment and affirmation of compliance with the 15 security requirements in FAR clause 52.204-21.
Level 2: Broad Protection of Controlled Unclassified Information (CUI): Requires either a self-assessment or a C3PAO assessment every three years, as specified in the solicitation, along with annual affirmation of compliance with the 110 security requirements in NIST SP 800-171 Revision 2. CMMC Level 2 Self Assessments are operational in SPRS effective 28 Feb 25.
Level 3: Higher-Level Protection of CUI Against Advanced Persistent Threats: Requires achieving CMMC Status of Final Level 2, undergoing an assessment every three years by the Defense Contract Management Agency’s Defense Industrial Base Cybersecurity Assessment Center (DIBCAC), and providing an annual affirmation verifying compliance with the 24 identified requirements from NIST SP 800-172.
Cost Considerations for Cybersecurity Services:
When procuring cybersecurity services individually (à la carte), organizations often face substantial expenses. Average costs for key services include:
- Penetration Testing: Typically ranges from $10,000 to $55,000, depending on the project's scope and complexity.
- Security Risk Assessments: Costs can vary significantly based on the organization's size and complexity, with estimates around $5,000 per day for 1-2 experts working on an assessment.
- Tabletop Exercises: Prices can range from $30,000 to $100,000, influenced by factors such as the number of participants, duration, and the expertise of facilitators.
- Gap Analysis Exercises: Costs vary based on the scope and depth of the analysis, often aligning with the expenses associated with comprehensive security assessments.
Opting for comprehensive compliance packages, such as those offered by Petronella Technology Group, can provide a more cost-effective solution. These packages often bundle essential services like penetration testing, security risk assessments, tabletop exercises, and gap analyses, resulting in significant savings compared to purchasing each service separately. Additionally, bundled packages ensure a cohesive and integrated approach to achieving and maintaining CMMC compliance.
Frequently Asked Questions (FAQ)
Since 2020, DFARS Interim Rule 2019 (252.204-7019) has required defense contractors to accurately report their Supplier Performance Risk System (SPRS) scores. However, some contractors have inflated their reported SPRS scores. In response, the Defense Contract Management Agency (DCMA) has intensified verification measures and increased accountability, imposing significant consequences for contractors found to be submitting false or misleading SPRS scores.
Q: I don't have a system security plan (SSP) or Supplier Performance Risk System (SPRS) score. Can you help?
A: Yes! Our team of certified CMMC experts will use the licensed policies and procedure templates from ComplianceArmor.com and help customize them for you.
Q: Where is the enclave hosted?
A: Amazon AWS Gov Cloud
Q: I have a managed services provider (MSP), or IT provider, can they do this?
A: No, the CMMC requires clear separation of duties between IT and Cybersecurity and two forms of evidence for each control.
Q: Do I still need to hire a third-party to perform penetration testing?
A: No, annual penetration testing or pen testing is included in our package.
Q: Do I still need to pay for security awareness training?
A: No, security awareness training is included in our package for as long as you're a member. This includes tabletop exercises and custom role-based security awareness training to meet controls AT-1, AT-2 and AT-3. You are responsible for taking the training and for completing and passing the testing annually.
Q: Do I still need vulnerability assessments?
A: No, annual vulnerability assessments are included in our package for as long as you're a member.
Q: Do I still need a gap analysis?
A: No, an annual gap analysis is included in our package for as long as you're a member.