NIST 800-171/CMMC Gap Assessment and Policy Development

Totem Technologies will conduct a Security Assessment or “Gap Analysis” of your organization’s cybersecurity program against cybersecurity control sets such as NIST 800-171 and CMMC.
We’ll help you develop custom policies, personalized strategies, and a game plan that fits your small-to-medium-sized business needs.

What to Expect During the Assessment:

✔ The Security Assessment will take approximately 50 hours.  This can be increased or decreased as needed.  We understand that 50 hours is a lot of time to dedicate to an engagement like this, so we spread the assessment time over several weeks.

✔ Prior to the engagement, Totem will provide a security assessment preparation checklist as well as a spreadsheet listing the NIST SP 800-171 / CMMC controls as a “read-ahead” to familiarize your organization with the controls and requirements for compelling evidence.

✔ A cybersecurity engineer from Totem’s Cybersecurity Assessment Team will work with your staff members to review the information systems, policies, processes, and procedures that relate to your organization’s processing of Federal Government information.

✔ Totem manages the assessment in our proprietary Totem™ Cybersecurity Compliance Management tool.

What Your Organization Will Receive After the Assessment:

At the conclusion of Totem’s security assessment, your organization will receive the following deliverables:

For an overview of the DoD NIST 800-171 Assessment Methodology, check out this blog.

Not Sure Where to Start?
Try our Totem Top 10™ Gap Assessment

If you feel like your organization should be “doing cybersecurity”, but you’re not sure where to start, we also offer an abbreviated gap assessment against our Totem Top 10™.  The Top 10 are our recommendations for how any organization of any size in any industry should kick off a program to protect its IT assets.

Here’s what Totem customers have to say:

"I am very pleased with the Totem™ tool and the ability to track and manage our SSP, IRP, and POA&M via the tool. It is much easier to manage these things especially with a very small internal IT team."
Adam I.
Information Security Analyst and Network Administrator
"The use of the Totem™ tool greatly enhanced the clarity of the CMMC/NIST controls bringing all of the building of our audit compliance information and handling our remediation process."
Park W.
Director of Technology

Schedule My Assessment