Get CMMC-ready without the guesswork. I’ll help you pinpoint gaps, understand requirements, and prioritize fixes—translating compliance into a clear, actionable roadmap your business can actually follow. Who This Is For: Organizations handling Controlled Unclassified Information (CUI) or subject to DFARS 252.204-7012​/​7019​/​7020​/​7021 clauses that want expert guidance to prepare for a CMMC Level 2 assessment. This service is ideal for prime contractors and subcontractors in the Defense Industrial Base (DIB) who want to avoid surprises during a formal certification engagement. Objective This is a CMMC Pre-Assessment Advisory Service delivered under the CyberAB’s guidelines for consulting and readiness services. It is not a certification assessment and is intended solely to help you understand where you currently stand and what changes are needed to prepare for a formal CMMC Assessment. What This Hourly Engagement Covers This is a flexible hourly consultation, focused on gap identification and readiness planning: - Environment Walkthrough & Context Gathering - Review of your organization’s scope for CMMC (including enclaves, assets, boundaries, and CUI handling) - Identification of security protection assets (SPAs) and operational technology in scope - Review of current documentation (SSP, POAMs, policies) Practice-by-Practice Gap Identification - Discussion of your implementation status for CMMC Level 2 practices (aligned with NIST SP 800-171 Rev. 2) - Identification of incomplete, misunderstood, or noncompliant areas - Clarification of intent statements, assessment objectives, and documentation expectations Remediation Planning Support - High-level recommendations for remediation paths - Advice on sequencing and prioritization (e.g., MFA, logging, audit prep) - Clarification on shared responsibilities (MSPs, cloud services, vendors) - Roadmap suggestions for getting assessment-ready Boundaries & Compliance with CyberAB Rules - As a Certified CMMC Practitioner (CCP) and Certified CMMC Assessor (CCA), I follow the CyberAB’s Code of Professional Conduct and maintain strict separation between consulting and assessment roles. - This service does not represent or imply certification - This is not a formal CMMC assessment and cannot result in a certification decision - This offering is designed for readiness and education only, per CyberAB policy Billing & Engagement Terms - Hourly engagement with flexible session scheduling - Optional fixed-hour blocks (10 or 20 hours) available for clients with defined readiness timelines - All services delivered remotely unless otherwise arranged Why Work With Me? - With over two decades in cybersecurity and compliance—including roles as a CISO, CMMC program architect, and trusted advisor for DoD contractors—I bring: - Practical understanding of implementation and evidence collection - Direct experience with NIST 800-171, CMMC 2.0, and DoD audit preparation - An educational, client-centered approach that prioritizes knowledge transfer and risk reduction Start Your CMMC Readiness Journey Whether you’re just starting your compliance journey or want an independent checkpoint before engaging a Certified Third-Party Assessment Organization (C3PAO), this advisory service provides actionable insight with no fluff. Let’s work together to identify your gaps, build your roadmap, and move forward confidently.