Stay On Track
​
Bluestreak Consultingâ„¢ can employ two different methods of managing
the implementation process while helping SMBs achieve DFARS/NIST SP 800-171 compliance and prepare for upcoming CMMC audits.
Â
The first method involves working with and guiding your implementation team and IT department (or IT services provider) through the implementation process. Your team would be guided through each phase of the remediation and implementation. Once your team is comfortable completing a phase, Bluestreak Consultingâ„¢ will review, edit if needed, and approve each phase, and will always be available to answer questions or assist as needed.Â
Â
The second method we can offer is where Bluestreak Consultingâ„¢ manages and leads the entire process, working closely with your implementation team and IT personnel. Bluestreak Consultingâ„¢ would take on the responsibility for most of the work to ensure full compliance.Â
Â
The timeline for achieving full compliance for each method can range from 9 to 24 months.
Â
Services provided by Bluestreak Consultingâ„¢ include, but are not limited to:Â
Complementary consultation with overview of DFARS, NIST SP 800-171 & CMMC 2.0 Levels 1 & 2 Â Â Â
Security assessment of existing IT infrastructure and facility security:
-
IT Infrastructure Assessment: Evaluate networks, systems, applications, and data storage for weaknesses and potential cyber threats like malware or unauthorized access.
-
Facility Security Assessment: Evaluate physical security measures such as access control systems, cameras, and locks to prevent unauthorized entry or theft, ensuring security protocols are sufficient to protect against threats and vandalism.
Gap Analysis and Plan of Action & Milestones (POA&M):
-
Suggests improvements such as adding security controls, updating policies, or enhancing employee training.
-
Detailed post-assessment report and remediation plan
Guided or managed remediation and implementation processes:
-
Guide your team through the remediation/implementation process or take the lead and manage the entire project, performing the majority of the work.
System Security Plan (SSP):Â
-
Document security controls describe security measures, outline roles & responsibilities, and include results from risk assessment & management.
Risk Assessment:
-
Identify and prioritize risks to IT infrastructure and facility security, assessing their potential impact on business operations, data integrity, and compliance with regulations.
Submit assessment score to Supplier Performance Risk System (SPRS):
-
Submit the initial security assessment score along with a date of full implementation to the SPRS. A fully populated SSP is required to submit a score.
Policies, procedures, and evidence of compliance:
-
Bluestreak Consultingâ„¢ offers documentation templates for purchase if guided only. If Bluestreak Consultingâ„¢ leads & manages the project, documentation templates can be provided for use.
Test and validate implemented controls:
-
Testing controls, validating controls, and remediating identified issues.
Second security assessment and submit updated score to SPRS
-
Includes a second security assessment after remediation and submission of the initial score to SPRS.Â
-
This will show the results of the remediation effort and be reflected in a new score.
Annual security assessment to ensure continued compliance:
-
Annual evaluation & updating of documentation, including policy reviews, procedure updates, incident response plans, training materials, and communications and awareness.
CMMC 2.0 Levels 1 & 2 audit ready
Staff and employee security training to NIST & CMMC standards:
-
Training based on NIST SP 800-171 guidelines and CMMC 2.0 Levels 1 & 2 requirements, covering cybersecurity fundamentals, role-based training, and regular updates and refresher training.
Â
Additionally, Bluestreak Consultingâ„¢ has CMMC Registered Practitioners and Registered Practitioner "Advanced" on staff, ensuring expertise and proficiency in CMMC compliance and cybersecurity practices.
Let us help you secure your data and secure your future.
