A Closer Look at Apollo's CMMC Consulting Services

Expert Leadership & Resources

Apollo is led by seasoned executive practitioners with a deep bench of world class talent to deliver results our clients can rely on.

• Former CISOs whose combined CISO past portfolio secured the delivery of hundreds of billions in goods and services to customers and constituents
• Big 4 consulting training and experience
• Extensive experience with risk and compliance activities
• Deep technical bench to assist with any technology needs including implementation services & penetration and technical security assessment experts
• End to end expert remediation support

CMMC Education Workshop

A customizable training and preparedness exercise to empower our clients with the knowledge they need understand their requirements and to manage their CMMC obligation.

• What is CMMC? A review of what CMMC is and why it matters to your organization
• What is the requirement for your business? An examination and explanation of the business drivers that have led your organization to consider or require CMMC certification
• What are the elements? A unified framework pulling in controls and standards from a number of different places to meet the DoD’s requirements – including NIST 800-53, NIST 800-171(inc 171B), FAR 52.204-21 (and others), ISO 27002, CIS CSC, and CERT RMM all wrapped together using a CMMI model-based approach
• Maturity Assessments vs Performance Audits: What is the difference and which happens when
• What to expect in a formal certification assessment
• Relevant compliance and regulatory landscape
• Applicable standards and cross-referenceable materials to make sure that the work done for one effort can be reused elsewhere as needed

Readiness Assessment & Gap Analysis

A hands on review of the current state of the client organization against its stated CMMC level goal. May include a gap analysis to provide a clear picture of specific items and work efforts are required to achieve the appropriate CMMC certification.

Phase 1

• A preliminary assessment of the current state of a client organization
• Work with client to determine CMMC level to be met
• Review and evaluation of what is in place and a callout of what is missing
• An estimated ranking is provided to help clients understand where they are on the CMMC scale

Phase 2

• Conducted after phase one has been discussed with the client
• Gap analysis uses the results from the first phase of the assessment and provides further analysis of what is missing to provide an understanding of what is required to attain the desired level of CMMC certification
• Provides the client with an actionable plan to remediate the issues that are preventing the client from obtaining their desired level of certification

The output of this can be used to scope further engagements, or to guide the work of the internal team.

CMMC Education Workshop

End to end effort to prepare the organization for CMMC certification which includes hands on technical, policy, and strategic support to ensure that all areas have been addressed and gaps that would likely threaten successful certification have been bridged.

• This is a full spectrum effort to help the client obtain the desired certification level
• This typically includes the work from a readiness assessment – can follow an assessment conducted by a separate third party or can include that work here if it has not already been done
• Includes policy and procedure development – Apollo brings a library of resources and templates to ensure all required and necessary documentation is completed
• Technical controls configuration support and testing – Apollo’s technical experts provide hands-on support and guidance to ensure that any controls that are found to be deficient are remediated, and plans of action and milestones (POAMs) are created to address any long term concerns that remain
• Implementation support tailored to meet the unique requirements and needs of each client – exactly what it sounds like: If the assessment finds that there are components missing from the client’s environment, Apollo stands ready to facilitate their timely sourcing and deployment

Documentation Support

Define and produce relevant policies, procedures, and evidence in support of CMMC certification efforts.

• Policies – many of the CMMC requirements rely on documenting policies to address how the organization handles a given scenario or issue and Apollo is here to help ensure these are crafted and in place
• Procedures – as with policies, CMMC certification above a level 1 requires that processes and procedures be documented, making them repeatable
• Controls checklist – provided and used to ensure no requirements are missed or otherwise unaddressed
• Documentation of evidence for Assessor – assistance with gathering and presenting the required evidence to make sure that the actual assessment goes smoothly
• Crosswalks for reuse against other compliance requirements – documents that map the controls and artifacts from one standard to another to minimize needlessly repeating the same work twice