Managed Compliance Program 

CyberNINES Managed Compliance Program

Cybersecurity is not a “one and done” process. It is a process that requires continuous improvement due to the ever-changing landscape of threats and technologies.

• Change Management:
  SSP, POA&M and associated documentation required for CMMC will be maintained, updated using CyberNINES’ Compliance Management Process (CMP). In addition, CyberNINES will audit controls being met including auditing vulnerability scan results and provide recommendations for remediation, after the scans are conducted. 
• Annual Readiness Assessment:
  Simulated assessment of all 110 controls each year based on the requirement 800 171. (NIST Control 3.12.3). CyberNINES will assess the system environment for substantial changes that could lead to rescoping. If it's determined that rescoping needs to occur, we will add an additional fee to the monthly charge for that time frame 
• Annual Tabletop Exercises:
  Conduct a TTX to test policies and procedures, to include IR/DR and others that get referenced or exposed in the exercise. A TTX report will be presented to summarize the analysis, findings, and gaps from the exercise. A recording of the TTX will also be provided for ongoing reference. 
• 3rd Party CMMC Assessment Support:
  CyberNINES will help facilitate a C3PAO as well as be available to help represent the client during their assessment (as needed and may require an additional block of hours to secure) 

We're here to help you get to Compliance without Complexity