NIST and CMMC Compliance

C3PAO Logo

CMMC logo

Our Approach:

iWorks provides consulting, assessment, remediation, monitoring, and maintenance services to support your National Institute of Standards and Technology (NIST) and Cybersecurity Maturity Model Certification (CMMC) journeys. Our approach begins by understanding your compliance requirements, desired maturity level, and schedule to create a roadmap that leverages your current compliance stance in preparation for CMMC. For clients needing technical assistance to meet the desired compliance level, we offer our highly qualified and certified technical staff to work with your team to address gaps in your cybersecurity posture. Finally, we build upon successful compliance to help your organization institutionalize cybersecurity by providing ongoing advanced monitoring, incident response capabilities, vulnerability scans and analysis, intrusion detection and response, and advanced threat preventions.

As an organization that is working toward getting CMMC level 3 certified, we understand what is required to implement, pre-assess, and prepare for the final certification. We help businesses like yours prepare for CMMC compliance. With our NIST 800-17, ISO 27001, and Capability Maturity Model Integration (CMMI) implementation expertise and early engagements with the CMMC ecosystem, we understand the upcoming compliance requirements and will help you prepare for your assessment. We also understand process institutionalization will be a big differentiator in CMMC because it provides assurances that the practices are being implemented effectively and in a sustainable manner.


  • Consulting Services
    • Define Controlled Unclassified Information (CUI)/Federal Contract Information (FCI) boundary
    • Perform assessments to determine your required compliance level
    • Identify and document types of information that are passing through your environment
    • Perform cybersecurity gap analysis
    • Assess existing processes and controls against the CMMC framework
    • Perform reciprocity analysis
    • Implement security controls and requirements in NIST 800-171
    • Develop a roadmap to your desired CMMC maturity level
    • Develop and update required documents such as policies, procedures, System Security Plans (SSP), and Plan of Actions & Milestones (POAM)
    • Resolve assessment findings
    • Recommend and implement technology and tools to meet cybersecurity requirements
    • Offer ongoing support to institutionalize cybersecurity and provide recurring security program tasks on a strict schedule
    • Provide monthly vulnerability scans
    • Resolve threats and vulnerabilities identified during scans
    • Provide incident response support including required data collection and reporting
  • Assessment
    • iWorks is a CMMC Third-Party Assessor Organization (C3PAO) and can perform your CMMC assessments


  • Processes:
    • We developed a security management framework (iSecMGR) to help our clients achieve and maintain security compliance, safeguard CUI, and align information security policy and strategy with business goals. We are an ISO 20000-1:2011, ISO 27001:2013, and ISO 9001:2015 certified company. Click here to learn more.
  • Technology:
    • The iWorks Solution Lab allows our team to continually evaluate and work with new and relevant cybersecurity and log analytics tools, including Splunk; Elasticsearch, Logstash and Kibana (ELK); Nessus; Microsoft Baseline Security Analyzer (MBSA); and Dynatrace application monitoring. We also evaluate and work with new and relevant security infrastructure technologies on AWS, Microsoft Azure, Google Cloud, and on-premises systems. Click here to learn more.
  • People:
    • Our team brings experience and expertise covering a wide range of cybersecurity frameworks, practices, and technologies, from NIST Risk Management Framework (RMF) and Continuous Diagnostics and Mitigation (CDM) Framework to Nessus vulnerability assessment and Dynatrace security and application monitoring. Our team members have security certifications including Certified Information Systems Security Professional (CISSP) and Security+, and security technology certifications including Dynatrace. Click here to learn more.
    • Our team includes experienced, certified professionals who have years of firsthand experience with IT best practices for your industry. We have CMMC certified provisional assessors and NIST expertise to further assist your compliance with Defense Federal Acquisition Regulation Supplement (DFARS) and CMMC compliance requirements.
    • Our team is highly skilled in a wide range of cloud and infrastructure best practices and technologies, from the IT Infrastructure Library (ITIL) and Information Technology Service Management (ITSM) to AWS, Azure, and Google Cloud. Our team members are certified in Lean Six Sigma and cloud technologies, including AWS and Google. Click here to learn more.

Click here to begin your cybersecurity journey with iWorks.