FREQUENTLY ASKED QUESTIONS
This depends on a lot of factors. Do you currently control and manage your company's devices local and remotely? Can you deploy software to remote machines? Do you have a firewall, endpoint protection, and security configurations implemented on servers and workstations? For organizations with more mature Information Technology practices, getting CMMC compliant could take as little as 2 months. For less mature Information Technology practices, getting CMMC compliant could take as little as 4 months.
First and foremost, it would be a pleasure to work for you and partner with your organization. We begin with a preparation phase to learn your organizational structure, business practices, sensitive data types, and critical assets you host within your organization. A one size fits all doesn’t work in cyber security, so we work with you to implement tailored solutions that meet your compliance requirements but don’t have a substantial impact on productivity, end-user experience, and existing infrastructure.
No, we will not be an assessor. We are tightly entwined with third-part assessors so we are happy to refer one. Our goal is to provide the technical solutions, processes, and services so that your organization can become compliant and have good cyber-hygiene institutionalized in your organization as stated in the latest CMMC documentation. We will implement a list of solutions as well as create the assessment documentation required to be ready for an audit. Our team of experts will also provide audit support so when an auditor does come on-site our team is there to assist with providing documentation and evidence for compliance.
Yes, this is our expertise and our 24/7 Security Operations Center will be on constant alert in search of changes to your environment as well as malicious activity from both external threat actors and insider threats. Our team will identify events, analyze them and respond accordingly to contain, eradicate, and assist your team in recovering if needed. We also provide forensic analysis on incidents so we can capture all the required artifacts and then supply and report incidents appropriately to the Department of Defense in compliance with the DFARS clauses.
Yes, our customers must meet minimum security requirements in order for us to deploy, configure and monitor you networks and endpoints. First, you must have a remote management capability to deploy software to servers and workstations. Additionally, we require that your IT infrastructure has up to date supported operating systems, active endpoint protection, patching process to manage vulnerabilities, and a basic firewall capability. Don’t worry if you don’t meet these requirements, we will work with you to get those capabilities in place if they are not currently implemented as they would be required for CMMC compliance.
Our initial response to this question is no. Only times we will ask you to consider new software or hardware is if we absolutely cannot get those assets compliant and/or if adopting new software can save the organization money. We have been successful finding efficiencies for all of our customer. For example, we saved one of our customers over $100,000 in yearly IT software and services by implementing smart and compliant solutions.
The first year is a 12-month contract. Compliance is a journey, in order to get it right we must ensure our customers understand that up front. post the initial 12-months the contract moves into month-to-month contract terms. Our pricing is spread over twelve months avoiding upfront costs and annual fees. We bill our customers on the first of the month for the services and solutions we provide as an operating expense versus a capital expense.
Our team has been performing NIST-171 compliance assessments and solution development since 2017. Prior to that many have helped transition the Department of Defense major systems to NIST 800-53 that contains over 400 security controls. NIST 800-171 is a subset of NIST 800-53 controls. CMMC maps and references to many NIST controls of which our team has reviewed, updated our solutions as well as our testing plans to ensure you are ready for a third-party audit. Our team also has extensive years in implementing and sustaining systems that comply with CERT Resilience Management Model (CERT-RMM), CIS Critical Security Controls, and other similar maturity models such as ISACA’s Capability Maturity Model Integration (CMMI).
Yes, we actually implement everything in our organization as we would do in yours. We take extreme measures to ensure all data in transit and at rest are highly security using restrictive access controls, data loss protection measures, application controls, sovereignty controls, and conditional access measures.
Pricing is based on two main factors: how large your organization is (endpoints, users, servers) and what maturity level you are wanting to be audited for. We offer packages based on the CMMC Levels 1 through 5 to make is simple to understand. Please contact Hyper Vigilance so we can meet all your security and compliance needs today.
Our goal is to make cybersecurity easy, simple, affordable and effective. From compliance management to threat protection and beyond, we offer full-service cybersecurity solutions that can be tailored to meet your business’ specific needs.
When you’re ready to get on the path towards compliance, we’re here to help. Reach out to the experts at Hyper Vigilance for a free cybersecurity consultation and take your business’ cybersecurity to the next level.