Need Help Implementing CMMC?
As an approved Registered Provider Organization (RPO) by The Cyber AB (formerly the Cybersecurity Maturity Model Certification (CMMC) Accreditation Board), Appalachia Technologies provides full-scope CMMC services, from assessments, writing your System Security Plan and other documentation, expert penetration testing, or full scope CMMC-compliant managed IT services. Our team of Registered Practitioners (RPs) perform CMMC readiness assessments to help prepare DIB contractors for Certified Third-Party Assessor Organization (C3PAO)s audits by identifying gaps and offering remediation solutions. Our proprietary assessment process was designed by military cybersecurity experts, setting Appalachia apart from competitors who perform assessments as a “paper only” exercise. Our assessments are faster, more accurate, and provide actionable cybersecurity intelligence to our customers.
Appalachia’s CMMC Readiness Assessment begins with a full network vulnerability assessment of all IP endpoints using industry-standard tools such as Nessus. While the network assessment is underway, Appalachia will begin a review of the IT, and other, documentation as it pertains to NIST 800-171 and CMMC 2.0 alignment. These documents shall include, but are not limited to, physical and logical network diagrams, configurations, facilities drawings, policies, procedures, diagrams, flow charts, etc.
Once Appalachia has ascertained a cursory picture of your overall cybersecurity posture, one or more interactive sessions will be scheduled with the relevant Client personnel, with the purpose of answering all controls listed in NIST 800-171 and the CMMC.
After these controls have been answered, Appalachia will write a NIST 800-171 compliant System Security Plan (SSP) with the additional CMMC controls and appendices, in addition to a Plan of Action & Milestones (POA&M). Lastly, Appalachia will make recommendations for NIST/CMMC alignment and general cybersecurity best practices.
Appalachia is a full-service Managed Services Provider with a big focus on cybersecurity. We do not sell any hardware, which allows our services to be delivered in a vendor agnostic manner. Appalachia is a top 50 Best Places to Work in Pennsylvania for three years running, and as a result we are able to hire and retain top technical talent. Our people are what really make the difference - including some of the most experienced engineers found anywhere within our operating territory. Appalachia’s engineers diligently maintain up-to-date IT professional certifications ensuring we bring the most current knowledge to our clients on a daily basis.
In 2020, Appalachia acquired Stronghold Cybersecurity – a company specializing in NIST, CMMC, and DFARS compliance consulting services for defense contractors. Our job at Appalachia is to take away all of your CMMC compliance pain by providing every IT and cybersecurity service you need to comply. We do this by employing in-house cybersecurity experts who meet the DoD’s own qualifications guidance. Our NOC/SOC is staffed by all US-based, W-2 employees.
As an RPO in the CMMC ecosystem, Appalachia is authorized to provide consulting services to defense contractors and employs trained staff in the CMMC methodology. RPO status is achieved once an organization meets specific criteria, including Registered Provider (RP) training completion by a staff member and a background check of the organization and associated RPs.
In addition to being an RPO, Appalachia is a SOC 2, Type II audited company. SOC 2 audits are based on the AICPA’s Trust Services Criteria. SOC 2 service auditor reports focus on a Service Organization’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system. “Appalachia Technologies delivers trust-based services to their clients, and by communicating the results of this audit, their clients can be assured of their reliance on Appalachia Technologies’ controls.” Again, more evidence of our commitment to cybersecurity and protection of client data.
Unlike NIST 800-171, the CMMC is not a “self-attestation” – certifications will only be performed by approved third party CMMC auditors (C3PAOs). Start planning for compliance now, as only CMMC audited and certified companies will be allowed to continue working with the government. For those companies that are already meeting NIST 800-171, there will be additional requirements that must be met before they can become CMMC certified. With hundreds of thousands of contractors who need to get ready for the CMMC, waiting any longer is not an option.
Avoid losing time by working with an RPO who has the accreditation from the CMMC-AB itself - For more information or to get help now, contact us at (888) 277-8320.