ISSI conducts on-premise, virtual, or hybrid assessments. Our experts work with your company’s IT staff to guide and provide mentoring on CMMC security controls. It starts with a one hour kick-off meeting that includes the senior leadership team to review the cybersecurity environment and ensure it is part of corporate culture, and not just a checklist.

Our team of professionals conduct the pre-assessment using one, two, or all three methods of examining, testing, and interviewing to obtain a body of evidence. This is organized and turned into a summary report by ISSI that provides an evaluation of the cyber maturity of the organization and identifies vulnerabilities that require remediation to comply with CMMC security controls. Additionally, the assessment team determines and verifies the company’s Supplier Performance Risk System (SPRS) score.

Companies receive a breakdown of the 17 domains and the current number of practices required at each of the CMMC levels. Security controls that do not meet CMMC standards are summarized and organized into a prioritized list to help IT staff determine which practices to remediate in order of precedence or level of importance.

ISSI has the expertise to evaluate each of the CMMC security controls. By partnering with ISSI, companies can benefit from a CMMC pre-assessment to strengthen their cybersecurity posture. Using a Good, Better, Best format, ISSI enables companies to evaluate remediation options for cost and effect.