With the onslaught of Defense Industrial Base demands! ARES has put forth a menu of engagements to meet the needs of the DIB. Echoing, Ellen Lord, the Defense Undersecretary for Acquisition and Sustainment, she stated at the 31 Jan 2020 CMMC V1 Rollout, "I do not anticipate waivers to CMMC requirements at this point in time." ARES Response -- We took notice.
Cyber Hygiene Heading Check
Basic Level 1 assessment across all 17 domains. What is current state of Cyber Hygiene. Review and redline all relevant processes and procedures. Measure compliance vice DFARS 252.204-7012. Assess current cyber hygiene via a baseline Heading Check. Please contact for pricing menu.
Cyber Hygiene - Gap Analysis
Assess the current state and assess and measure the gaps to reach a maturity Level 3. Support documentation origination and review and revise current documents to ensure gaps are closing. Remediation/cure - support efforts to close gaps.
Please contact for pricing menu.
Program Objectives and Milestones (POAM)
While many firms simply will not meet the requirements of the 17 Domains, it is recognized that costs and time may be needed to meet all practices required for a CMMC certified level. To allow a company to advance, the creation of a Program Objectives and Milestones (POAM) may be struck and is subject to review by the US Government - sometimes in advance of a contract award. Importance of a POAM cannot be overstated. Contact for pricing menu.
Independent Verification and Validation (IV&V)
In all too many instances, organic resources are used to meet NIST SP 800-171V1 requirements. Now will the efforts "taken out of hide" get you to the end state objective - a CMMC cert? Before you invest in an assessor - certifier, it may be wise to have ARES perform an Independent Verification and Validation of your work. Having a CMMC Auditor / Certifier make multiple reviews is costly. Passing the audit the first time - saves time, money, worries. Contact for pricing menu.
Document what you say you do - prove you did it with data. Reviews and redlines/edits of key documents with an eye on compliance to NIST and CMMC requirements is available at an hourly rate. Contact for hourly rate, terms and conditions. Tap into 35 years of DoD compliance and contracts expertise.
REVIEW of SUBCONTRACT FLOWDOWNS & SUPPLIER COMPLIANCE AND IMPLEMENTATION
COMPLIANCE Review and Survey of Vendors and Subcontractors in the supply chain is a priced offering
Are my suppliers complying - how do I know? Am I responsible to ensure? Do they have protection of CUI policies and procedures in place - Are they proactive?
Workforce Interviews & Training
At the end of the day, your employees are charged to live to the policies and procedures. It is highly likely that auditor - certifiers will have to conduct closed door interviews with employees to gauge whether cybersecurity awareness and training are normed to the company culture. Our measurement tests and interviews will give management a sense of the company's cyber fabric. Proactive workforce? See pricing menu.
MEASURE THE CYBER CULTURE - AWARENESS
Is my entire team--from the "C" suite to my employees "on the line" -- aware of all aspects tied to the control and management of CUI? Are all new employees briefed? Do we have refresher training or ad hoc training when there are changes? Is our policy in line with our procedures, in turn in sync with field operating instructions? Are all my organics on board? Are we proactive or reactive to the THREAT?
DOCUMENT, DOCUMENT, DOCUMENT.