1. What types of clients do you work with?
We specialize in supporting small to midsize businesses in the Defense Industrial Base (DIB) that must comply with DFARS, CMMC, and NIST 800-171 requirements. Many of our clients already hold government contracts or are actively pursuing them.
2. Do you work with clients who already have a government contract?
Yes. In fact, we prefer to work with clients who already have a contract or are subcontractors, as our services are designed to strengthen and sustain ongoing compliance and risk management for active contractors.
3. What is the difference between your service tiers?
Our tiered service packages are structured based on your organization’s maturity level.
- Essentials Tier provides foundational readiness
- Core Compliance is for structured implementation
- Complete Defense includes audit preparation, evidence support, and compliance defense
You can also add MSSP services for real-time cybersecurity protection.
4. What’s included in your MSSP Add-On Bundle?
The MSSP bundle includes services like email threat protection, endpoint security (EDR), DNS filtering, dark web monitoring, and vulnerability scanning. It’s designed to give you layered cybersecurity without handling CUI or managing your internal systems directly.
5. Do you provide a System Security Plan (SSP) and POA&M?
Yes. We provide both template-based and customized System Security Plans (SSP) and Plans of Action & Milestones (POA&M) depending on your tier level and readiness.
6. Are your services CMMC-compliant?
Yes. We are a CMMC-AB Registered Practitioner (RP), and all services align with CMMC Level 1 and Level 2 requirements. We follow NIST SP 800-171 guidance and ensure services do not involve access to CUI unless specified by the client.
7. How do you help during a CMMC assessment or audit?
We provide Assessment Defense Support, which includes coaching, evidence package reviews, and serving as a liaison during assessor interviews to ensure proper control interpretations.
8. Can you help us procure the right tools or licenses?
Yes. As an authorized PreVeil Referral Partner, we offer free license planning and procurement guidance for email and file encryption solutions that meet CMMC and DFARS requirements.
9. Do you offer one-time services or ongoing support?
While our packages are monthly subscriptions, we also provide project-based consulting such as SSP development, gap assessments, or policy design. We tailor engagements to your exact needs.
10. How quickly can we get started?
After an intake form is submitted and an NDA is signed, onboarding typically begins within 3–5 business days, depending on the selected package and scope of services.