ComplianceArmor® by Petronella

Assessor-ready compliance packages, delivered faster and more securely than any compliance SaaS.

ComplianceArmor® is the engagement platform Petronella Technology Group, Inc. uses to deliver complete CMMC, HIPAA, SOC 2, PCI DSS, NIST 800-171/r3, NIST 800-172/r3, NIST CSF 2.0, and FTC Safeguards documentation packages to clients in days, not months. Built and reviewed by four CMMC Registered Practitioners. Backed by RPO #1449 and 23+ years of in-the-room assessment experience.

  • Speed: CMMC L1 in 21 days, HIPAA in 30, PCI DSS in 45, CMMC L2 audit-ready in 60-75 — vs. the 12-24 weeks a boutique consultancy quotes.
  • Security-first: your CUI, PHI, and cardholder data stay in your tenant. No multi-tenant SaaS, no platform lock-in, no third-party data exposure.
  • Assessor-ready output: every artifact formatted to the structure DIBCAC, C3PAOs, OCR, AICPA-CPAs, and QSAs actually expect.
  • Petronella-delivered: a CMMC Registered Practitioner reviews every package — not a chatbot, not a freelancer, not a junior analyst.
RPO #1449 (The Cyber AB) · 4 CMMC-RPs on staff · BBB A+ since 2003 · 23+ years (est. 2002)

  • 8: Compliance frameworks delivered from a single package workflow
  • 21-75 days: From kickoff to assessor-ready package, depending on framework
  • 4 CMMC-RPs: Petronella, Rea, Summers, and Wood — every package reviewed by a Registered Practitioner
  • RPO #1449: Registered Provider Organization with The Cyber AB since the RPO program launched

Why ComplianceArmor wins

Faster than a consultancy. More secure than a SaaS. Reviewed by real CMMC-RPs.

ComplianceArmor® is not another self-serve compliance dashboard you log into. It is the way Petronella Technology Group, Inc. delivers compliance work to clients — built around a documentation engine, an assessor-aligned format, and a Registered Practitioner review on every package.

Speed

Assessor-ready in days, not months

Most compliance projects start with a junior analyst recreating policies from a template library and end six months later in revision-three rewrites. ComplianceArmor® collapses that into a guided intake plus generation plus CMMC-RP review:

  • CMMC Level 1: 21 days, kickoff to delivered package
  • HIPAA: 30 days, fully OCR-formatted
  • PCI DSS v4.0.1 SAQ-D: 45 days
  • SOC 2 Type I audit-ready: 45 days
  • CMMC Level 2 docs (110 controls, NIST 800-171 r2/r3): 60-75 days

Security

Your data stays in your tenant

The compliance SaaS category is fundamentally a multi-tenant database holding everyone's CUI, PHI, cardholder data, and access reviews. ComplianceArmor® flips that:

Format

Built for assessors, not auditors of auditors

Every artifact is shaped by people who have sat across from DIBCAC, C3PAO, OCR, AICPA-CPA, and QSA assessors:

  • System Security Plan in NIST SP 800-18 structure
  • POA&M in the published official template
  • Control narratives in assessor-friendly language with NIST cross-references
  • SPRS score calculated and shipped with the package
  • Evidence checklist organized by control family, not by Drata-style task

People

A Registered Practitioner reviews every package

Petronella Technology Group, Inc. is RPO #1449 with The Cyber AB. Four CMMC Registered Practitioners on staff — Craig Petronella, Blake Rea, Justin Summers, and Jonathan Wood — review your package before it ships:

  • Scope and CUI boundary call (30 minutes, free)
  • Intake review and gap analysis pass with a CMMC-RP
  • Final package walkthrough and assessor prep session
  • Continuous remediation guidance, with our CISSP-credentialed partner network looped in for engagements that require it
Frameworks covered

Eight frameworks. One package workflow. One Registered Practitioner Organization.

Select your target framework and ComplianceArmor® generates a complete documentation package mapped to the control set your assessor uses — with the formatting, terminology, and evidence structure they expect.

Outcomes timeline

What you receive, and when

A typical CMMC Level 2 engagement on a 60-day path. Other frameworks compress or extend, but the shape is the same: scope-locked early, documentation done mid-engagement, assessor handoff at the end.

Day 1

Scope locked

30-minute scoping call with a CMMC Registered Practitioner. CUI boundary, asset inventory, and assessment driver confirmed. Fixed-fee quote signed.

Week 2

Intake complete

Guided intake captures organization profile, system description, technology stack, existing controls, and gap evidence. Signed engagement-inputs.json delivered to your repo.

Week 6

Package generated

SSP, 14 security policies, 14 operational procedures, POA&M, SPRS score, gap analysis, evidence checklist, CUI boundary documentation, responsibility matrix, continuous monitoring plan — branded with your logo, formatted to assessor standard.

Pre-assessment

Assessor handoff

Final CMMC-RP review, interview prep guide, evidence walkthrough, and warm handoff to the C3PAO of your choice. We stay in the room for clarification questions during the assessment itself.

How it works

Four steps from kickoff to assessor handoff

A guided workflow built around the questions assessors actually ask, run by a Registered Practitioner Organization. You do not log into a SaaS dashboard. You do not write your own policies. Petronella Technology Group, Inc. delivers a complete package.

01

Scope & intake

Discovery call, CUI boundary scoping, guided intake covering org profile, system description, and existing controls.

02

Gap analysis

AI-assisted gap analysis against your selected framework, reviewed line-by-line by a CMMC Registered Practitioner.

03

Package generation

Complete documentation package generated, formatted to assessor standard, branded with your logo, signed and ZIP-packaged.

04

Assessor handoff

Interview prep, evidence walkthrough, and warm handoff to your C3PAO, CPA, or QSA. We stay in the room.

Pricing

Fixed fee. Payment terms confirmed individually on the discovery call.

Every engagement is priced from a transparent base, with the scope-adjustment table published on this page (not negotiated in the dark). C3PAO, CPA, and QSA fees are separate and paid directly to the assessor — we tell you the range up front. Run the ROI calculator for an exact number on your scope.

| Engagement | From price (fixed) | Timeline | Assessor fee (separate) |
| --- | --- | --- | --- |
| Gap Assessment + Roadmap | $1,997 flat | 2 weeks | None — 100% credit toward any DFY within 90 days |
| CMMC Level 1 Done-For-You | From $6,997 | 21 days | Self-attested (no third-party fee) |
| HIPAA Done-For-You | From $7,997 | 30 days | OCR audit only on triggered investigation |
| PCI DSS v4.0.1 SAQ-D | From $9,997 | 45 days | QSA optional for ROC-equivalent |
| SOC 2 Type I Audit-Ready | From $14,997 | 45 days | CPA audit: $5K-$50K typical |
| CMMC Level 2 Tier 1 (audit-ready docs) | From $24,997 | 60-75 days | C3PAO: $30K-$50K typical |
| CMMC Level 2 Tier 2 (DFY Managed) | From $24,997 + From $5,997/mo | Continuous | C3PAO: $30K-$50K typical |
| CMMC Level 3 Sovereignty | Custom $200K-$500K Yr1 | 9-12 months | DIBCAC-led (no commercial fee) |
| Bundle: CMMC L2 Tier 1 + HIPAA | From $34,997 (12.5% off) | 75 days | C3PAO separate |
| Bundle: HIPAA + PCI + SOC 2 | From $24,997 (24% off) | 60 days | CPA + QSA separate |

Base assumption: 1 location, 5-50 employees, single CUI type, U.S.-only operations. Larger or more complex scope is priced up using a published scope-adjustment table (additional location +$3,500, 51-100 employees +$5,000, 101-250 employees +$10,000, multi-CUI +$5,000, existing ISO 27001 -$3,000, etc.). All adjustments are disclosed before signature. Payment terms are scoped individually on the discovery call. No multi-year lock-in, no auto-renewal.

Worked example

120-employee defense contractor, 2 locations, single CUI type, existing ISO 27001:2022, target CMMC Level 2 Tier 1:

$24,997 base + $3,500 extra location + $10,000 (101-250 employees) − $3,000 ISO maturity discount = $35,497 fixed fee. C3PAO assessment ($30K-$50K typical) is paid directly to the C3PAO. All-in for this prospect: ~$65K-$85K, with a 60-75 day delivery target.

"Built and delivered by compliance practitioners who have sat across the table from assessors — not just software engineers."

ComplianceArmor® is a registered trademark of Petronella Technology Group, Inc. (Raleigh, NC, est. 2002). Petronella is a Registered Provider Organization (RPO #1449) with The Cyber AB. RPOs deliver consulting and remediation services; the formal CMMC assessment itself is performed by an accredited C3PAO. Four CMMC Registered Practitioners are on staff to scope, deliver, and review every ComplianceArmor® engagement:

Craig Petronella — CEO, CMMC-RP, NC Digital Forensic Examiner #604180-DFE, #1 Amazon Best-Selling author of 14+ cybersecurity books. Blake Rea — CMMC-RP. Justin Summers — CMMC-RP. Jonathan Wood — CMMC-RP.

For engagements that require additional credentials — CISSP-led penetration testing, expert-witness testimony, courtroom-grade digital forensics — Petronella Technology Group, Inc. brings in vetted partners from our CISSP-credentialed network at the same fixed-fee structure.

RPO #1449 (The Cyber AB) · 4 CMMC-RPs on staff · BBB A+ since 2003 · Inc. 5000 · 23+ years (est. 2002) · CISSP partner network
Honest comparisons

ComplianceArmor® vs. compliance SaaS

Self-serve SaaS platforms (Vanta, Drata, Hyperproof, Secureframe, Apptega) sell you a workspace where your team writes the documents. ComplianceArmor® is a done-for-you engagement where Petronella Technology Group, Inc. writes them for you — scoped to your environment, reviewed by a CMMC Registered Practitioner, and assessor-formatted.

Industry packages

CMMC packages built for your sector

High-CUI manufacturing primes and software contractors get sector-specific scoping, enclave design, and assessor-ready evidence libraries.

HIPAA packages

HIPAA documentation for clinical and billing operations

Practice-specific Security Rule, Privacy Rule, and breach-notification documentation for clinics, billers, and telehealth providers.

SOC 2 packages

SOC 2 Type I and Type II documentation built for SaaS

Trust Services Criteria mapped to your stack, with audit-ready policies, procedures, and evidence libraries for AI, fintech, and healthtech SaaS.

FAQ

Frequently asked questions

Vetted by the four CMMC Registered Practitioners who deliver these engagements at Petronella Technology Group, Inc.

What does ComplianceArmor® actually deliver?

A complete documentation package, signed and ZIP-packaged, sized to your selected framework. The CMMC Level 2 package includes: System Security Plan (NIST SP 800-18 structure), 14 security policies, 14 operational procedures, SPRS score report, POA&M (official template), gap analysis, evidence checklist (organized by control family), responsibility matrix, CUI boundary documentation, continuous monitoring plan, control mapping matrix, interview prep guide, assessment readiness checklist, and executive summary. HIPAA adds 33 policy templates covering every safeguard category. Output is delivered as branded PDF, HTML, CSV, and ZIP, with editable native source for the policies. ComplianceArmor® also auto-generates the Power BI evidence package for CMMC Level 2 — including the Acceptable Use Policy, Data Classification Policy, BI Standard Operating Procedure, and the RBAC matrix that maps each NIST 800-171 r3 control to an artifact.

Which frameworks does ComplianceArmor® support today?

Eight: CMMC v2.0 (Levels 1, 2, and 3) including the NIST SP 800-171 r2 and r3 control set, NIST SP 800-172 r3 enhanced security requirements, SOC 2 (all five Trust Services Criteria), PCI DSS v4.0.1, HIPAA (Security Rule and Privacy Rule), NIST Cybersecurity Framework 2.0, FTC Safeguards Rule (16 CFR Part 314), and CCPA. ISO 27001:2022 Annex A is in active development with a Q3 2026 target.

How long does a ComplianceArmor® engagement take?

The documentation itself generates in minutes once scope is locked. Total engagement timelines depend on the framework: CMMC Level 1 in 21 days, HIPAA in 30 days, PCI DSS v4.0.1 in 45 days, SOC 2 Type I audit-ready in 45 days, and CMMC Level 2 audit-ready docs in 60-75 days. Compare to the 4-8 weeks of senior staff time a Vanta/Drata-style workspace still requires from your team, or the 12-24 weeks a boutique consultancy quotes.

Is the output actually assessor-ready, or is this another template library?

Assessor-ready. Every artifact is formatted to the structure DIBCAC and C3PAO assessors expect. The SSP follows NIST SP 800-18. The POA&M follows the official template. The control narratives use the language assessors are trained on. Petronella Technology Group, Inc. has four CMMC Registered Practitioners on staff who have been in the assessment room, and the platform was built around what those assessors actually ask for. A CMMC-RP reviews and signs off on every package before delivery.

Does ComplianceArmor® store our sensitive data?

No. ComplianceArmor® is security-first by architecture. Your scoping inputs produce your package, then the engagement-inputs.json is signed and lives in your repository — not a multi-tenant SaaS database. Your CUI, PHI, cardholder data, and customer data never sit on our servers. The package itself is generated and delivered to you in editable formats. For CUI in transit between Petronella Technology Group, Inc. and your team during the engagement, we use the Petronella encrypted data and email system.

Who owns the documents we receive?

You do, forever. No subscription gate. No DRM. No platform lock-in. The package ships in editable PDF, HTML, CSV, and ZIP, plus native source for the policies. Cancel any annual support arrangement and the documents stay yours, unaltered.

How is ComplianceArmor® different from Vanta, Drata, Hyperproof, Secureframe, or Apptega?

Those are self-serve SaaS workspaces. Your team still writes the SSP, the policies, the procedures, the POA&M, and the control narratives — the SaaS just hosts the templates and the evidence collection. ComplianceArmor® is a done-for-you engagement run by a Registered Provider Organization. Petronella Technology Group, Inc. writes the documents for you, scoped to your environment, reviewed by a CMMC Registered Practitioner, and assessor-formatted. You get an outcome, not a workspace. See the side-by-side comparisons: vs. Vanta, vs. Drata, vs. Hyperproof, vs. Secureframe, vs. Apptega.

What does a ComplianceArmor® engagement cost?

Every framework starts from a transparent base price: CMMC L1 from $6,997, HIPAA from $7,997, PCI DSS from $9,997, SOC 2 Type I from $14,997, CMMC L2 Tier 1 from $24,997. Larger or more complex scope is priced up using the published scope-adjustment table on this page (additional locations, employee bands, multi-CUI types, GCC High enclave, etc.) — all adjustments are disclosed before signature. Third-party assessment fees (C3PAO for CMMC, CPA for SOC 2, QSA for PCI DSS) are separate and paid directly to the assessor; we publish the typical range on the same pricing card. Payment terms are confirmed individually on the discovery call. No multi-year lock-in, no auto-renewal. Run the ROI calculator for a number specific to your scope.

Can a CMMC Registered Practitioner Organization perform the actual assessment?

No, and Petronella Technology Group, Inc. is careful to draw that line. An RPO (like us, #1449) delivers consulting and remediation services — scoping, documentation, gap analysis, evidence collection, and assessor handoff. The formal CMMC assessment that produces a Level 2 certification is performed by an accredited C3PAO. We work alongside the C3PAO of your choice, or we refer one from our network. The C3PAO fee is separate and paid directly to them; we publish the typical range up front.

Can we customize the generated documentation?

Yes. The package is already customized to your organization profile, system scope, and intake responses before you receive it. You also receive editable native source (Word, Markdown, JSON) for the policies and procedures — you can adjust language, branding, or organizational specifics at any point, including after the engagement is complete. The package is yours forever and can be regenerated against any future framework update at the same fixed-fee structure.

Ready to ship your compliance package?

Tell us about your scope and a CMMC Registered Practitioner from Petronella Technology Group, Inc. will reach out within one business day with a fixed-fee quote and projected timeline.

No obligation. No auto-renewal. 30-minute scoping call is free.


Petronella Technology Group, Inc. · Raleigh, NC, est. 2002 · Registered Provider Organization #1449 with The Cyber AB.