Regola Cyber can help your organization assess current implementation of cybersecurity controls and improve compliance with United States Department of Defense regulations in preparation for an audit. We have experience with NIST 800-171 audits, DFARS 252.204-7012 compliance, the Cybersecurity Maturity Model Certification (CMMC) framework and NIST 800-53. In February 2021, our application to become a CMMC Third Party Assessor Organization™ was accepted as one of the first 75 listings and we have been involved with the CMMC ecosystem since that time. We are currently an Authorized C3PAO (see The Cyber-AB Ecosystem).

Meeting compliance regulations and preparing for audits can be labor-intensive, expensive, and complicated. Regola Cyber uses a suite of products and automation to reliably review security settings and implement security controls across your company. With these efficient methods, we can bring you into compliance in less time and at a lower cost than using traditional methods. We are ready to help small- and mid-size businesses meet all current standards. We understand the challenges of meeting these regulations in a timely and cost-effective way. Since we have deep experience in the architecture of sophisticated systems that obtained NIST 800-53 ATO, you can be assured that your NIST 800-171 system design won’t be our first design to go through an assessment. In fact, we scored a perfect 110 on our first CMMC Version 2.0 C3PAO Assessment with no gap remediation window. We can work with your team to schedule a gap analysis and use the findings to implement changes to bring your company into compliance. If you are seeking a Mock Assessment (i.e. no consulting component) to evaluate your team’s readiness for formal assessment, we can also assist you with this before a CMMC certification assessment, including on a subset of the requirements if you are looking for a spot check at reduced cost over assessing the full 110 CMMC controls.

We anticipate official CMMC certification assessments (i.e. an assessment that results in the issuance of a CMMC Certificate) will be forthcoming in early 2025 after rulemaking is finalized and a date is set by DoD. Contact us to be on our waiting list and be among the first to get news from Regola Cyber concerning CMMC assessment availability at: [email protected]. Prior to the completion of rulemaking and the implementation of official CMMC Certification Assessments, OSCs who desire an assessment can request a Joint Surveillance Voluntary Assessment (JSVA), which is conducted by a C3PAO and the DIBCAC. If you would like to discuss your readiness for a Joint Surveillance Voluntary Assessment (JSVA), contact us at: [email protected].

Please note that in compliance with CMMC-AB/Cyber-AB guidelines, Regola Consulting, Inc. DBA Regola Cyber will not perform an assessment and compliance consultation for the same company.