As most organizations facing CMMC readiness have invested significant energies sharpening their IT and business practices — tightening domain controls, crafting policy documentation, conducting staff training, and scoring themselves for initial SPRS submittal — CMMC Copilot brings both structure and a convening mechanism that aggregates and evaluates current cybersecurity activities, so your business finally ascertains its true compliance readiness.

The CMMC Copilot framework is organized into 4 sequential steps that serve to simultaneously rate your readiness while coaching your team for C3PAO assessment. (For Altus Enclave clients — which gain 90+ of 110 shared CMMC level-2 controls for CUI — our Copilot RPO team leverages a “skinny” framework for preparation and evaluation, saving time and budget.)

• CUI Flow Diagram: activates your
  controls from enclave to enterprise
• PRE-Assessment: framework for
  your tech stack and cybersecurity
  practices, includes DoD SPRS score
• Readiness Workshops: actionsessions
  target incomplete domain
  objectives, plug your compliance gaps
• RE-Assessment: final SPRS score
  to validate assessment readiness.

Most organizations participating in TBS’s CMMC Copilot program find the wrap-up of weekly domain control workshops the natural time
to turn to writing.

As policy documentation assignments stack up, lock in your TBS CMMC practitioners with dedicated hours of support. Based upon how soon your C3PAO assessment is scheduled, TBS CMMC pros are available for Weekly Bursts or Monthly Teaming.

Retained hours with the TBS RPO team may be used at client discretion for project management, CMMC documentation, training, compliance counsel, and more.

• accredited CMMC professional (RP or CCP)
  as your readiness advocate and dedicated POC
• ongoing access to all TBS RPO and IT specialists
• weekly CMMC readiness sprint meetings,
  plus ongoing project management
• drafting domain policies, procedures and other exhibits upon request, includes document templates
• collaborative review of client-crafted policies
  and procedures
• writing and revisions for other client-generated CMMC and compliance documentation on-call vCISO counsel and support
• CMMC compliance training for frontline staff
  and executive teams
• access to KnowBe4 Learning Management system (includes standard CMMC and ITAR trainings)
• building custom training curricula for CMMC and other compliance frameworks
• readiness prep and practice audits for triennial
  CMMC assessments.

For organizations that have attained CMMC certification, continued planning, inspections, and compliance reviews are a must.

With our “ISSM as a Service” option you'll be sure to maintain your CMMC status and be ready as additional compliance mandates arise.

• Supporting NIST800/CMMC requirements, we collaborate with your team to craft System Security Plans, and we keep them up to date.
• Throughout the year as IT Security Inspections arise, Altus supports and manages your response, including: scheduling and coordinating site visits, servicing inspection requests, requisite documentation and reporting, and any follow-on actions and artifacts.
• To maintain your facility clearances, we partner with your IT leadership and FSO to document controls, and enact enhancements as needed for ongoing compliance.