CyberCompass Fortify Services

CyberCompass provides expertise to lead the work effort to map the flow of sensitive data throughout your organization and systems as required by various cybersecurity regulations and frameworks. 

CyberCompass provided expertise to lead the work effort to map the flow of sensitive data, relating to Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) as required in FAR and DFAR regulations, throughout your organization and systems. 

CyberCompass leads a work effort to identify critical business applications, assess the consequences of disruptions to your business, and prioritizes recovery strategies. A BIA is a preliminary step to the contingency planning process, which includes the Business Continuity Plan, Disaster Recovery Plan, Incident Response Plan and Breach Notification Plan. 

CyberCompass will lead stakeholders through a proven process to develop an effective Business Continuity and Disaster Recovery Plan. The business continuity plan provides detailed guidance for recovering or maintaining operations to keep the organization functional and solvent. The disaster recovery plan provides detailed guidance for recovering systems that are non-operational.  The systems may be destroyed, stolen, or corrupted but are required for the organization to operate.  

CyberCompass will lead stakeholders through a proven process to develop an effective Disaster Recovery Plan. The disaster recovery plan provides detailed guidance for recovering systems that are non-operational. The systems may be destroyed, stolen, or corrupted but are required for the organization to operate. 

CyberCompass will lead stakeholders through a proven process to develop an effective Incident Response Plan. 

A best practice, which is required by several compliance frameworks, is to regularly test your organization’s Incident Response Plan. CyberCompass will take your organization’s incident response team members and other stakeholders through a realistic incident scenario that will test your incident response plan to help validate and improve it. 

A 2-3 hour workshop with appropriate stakeholders and appropriate team members to provide training and awareness on the requirements to meet the System Security Plan control in NIST 800-171 and the CMMC Level 2 Assessment Guide (CA.L2-3.12.4). 

Hourly consulting to assist in developing the organization’s System Security Plan.

Review and critique of the organization’s System Security Plan against the standards that will be applied by a C3PAO to meet the System Security Plan control in NIST 800-171 and the CMMC Level 2 Assessment Guide (CA.L2-3.12.4). 

A 2-3 hour workshop with appropriate stakeholders to provide training and awareness on the requirements to meet the CMMC Level 1 self-attestation requirements as outlined in the CMMC regulations and the DoD’s assessment guide. 

A day-long simulation of a C3PAO assessment stepping through a limited number of requirements. It will be an actual short risk assessment asking how your organization meets each requirement, requiring and capturing evidence. It will also cover how you will need to complete an SSP and provide you with a template that has passed CMMC Level 2 certification. It will provide you with a mini security risk assessment, a formal report, an SSP template, and insight into what you will need to focus on to become CMMC Level 2 certified.