by Ian MacRae
President and CEO, E-N Computers
25+ years experience solving business IT problems in Virginia and Washington, D.C.
Finding a CMMC consultant to help you achieve compliance with CMMC 2.0 is high on the checklist for thousands of small organizations that do business with the Department of Defense.
The Cyber AB, the accrediting body for CMMC, calls the certification process “complex and time-consuming” and considers it “crucial to leverage the expertise of a trusted third-party organization that has been authorized by the Cyber AB.”
Those ‘trusted third-party organizations’, otherwise known as Registered Practitioner Organizations or RPOs, are certified to provide CMMC consulting services, so having one is a smart idea. But where do you find one that is both competent and affordable for a smaller business?
We predict that the rush is soon to be on for good CMMC consultants, especially with CMMC certification expected to be required in about a year. (It can take more than a year to implement CMMC requirements before you can even apply for certification, so now is the time to start.)
Here are some of the CMMC consultants we have encountered that we respect for various reasons. I tried to think of anything positive or negative you might experience, even from the best, to help you choose the right consultant for your needs.
You can find a long list of CMMC consultants on the Cyber AB Marketplace. Summit7 is the behemoth (with a price to match). Kieri Solutions is a great C3PAO with a focus on practical cybersecurity. F1 Solutions is a Microsoft Partner authorized to sell GCC High to smaller organizations. CTI has a wealth of experience supporting defense contractors and hardening Microsoft 365. G2 Ops has worked with the State of Virginia to audit Registered Practitioner Organizations. And E-N Computers focuses on preparing small business defense contractors for CMMC compliance.
Summit7 — Best CMMC consultant for big budgets
Location: Huntsville, AL
It’s practically impossible to talk about CMMC consultants without talking about Summit7. They’re the 800-pound gorilla in the CMMC space. Over the years, Summit7 has published useful content around CMMC and helped create Microsoft’s guide to CMMC and M365.
We had the opportunity to work with Summit7 on a project that involved helping a client recover from a security breach and implement GCC High. We were reasonably impressed with Summit7 for their knowledge about GCC High and for the way they work. As a client, you get a team that includes a project manager and specialists for various modules and tools. Their structured approach to meetings and managing expectations keeps you in the loop.
In our experience, the transition from sales to project kickoff was a bit bumpy. It took a fair bit of time for the handover to happen and for communication to pick up again. Summit7 is also expensive and their quoting isn’t always the most accurate or easy to decipher.
Kieri Solutions — Best CMMC consultants for realistic cybersecurity
Location: Woodbine, MD
Kieri Solutions is a Maryland-based CMMC consultant. They’re also listed on the Cyber AB Marketplace as a CMMC Third Party Assessment Organization (C3PAO). They have a small but highly competent team that can assist you with preparation, documentation, a mock assessment, and more.
One thing we really appreciate about Kieri Solutions is their realistic approach to cybersecurity. They understand that your network needs to be both functional and secure. They focus on solutions that are appropriately sized for smaller organizations. Their audits are also on the more affordable end for small businesses seeking CMMC Level 2 certification.
F1 Solutions — Best CMMC consultants with a Microsoft partnership
Location: Huntsville, AL
F1 Solutions is a Registered Practitioner Organization (RPO) based in Alabama. They’re also a Microsoft Partner authorized to sell Microsoft 365 Government cloud licenses, including GCC High, to organizations under 500 seats. We have had the opportunity to work with them on Microsoft 365 projects and have been impressed by their professionalism.
CTI — Most experienced CMMC consultants
Location: Timonium, MD
We’re reasonably impressed by CTI’s credentials and project history. Their team holds several cybersecurity certifications and has decades of combined experience meeting DoD guidelines. They focus on project work and are particularly knowledgeable about hardening the security of Microsoft 365.
G2 Ops — Trusted CMMC consultants
Location: Virginia Beach, VA
In 2023, the State of Virginia partnered with G2 Ops and IntelliGRC to perform an audit of CMMC Registered Practitioner Organizations (RPOs), including us. So, G2 is obviously trusted. Unfortunately, IntelliGRC does not produce helpful reports. Then, the policy reports we received were ultimately copies of NIST 800-53 — a very broad set of IT standards. This is a bit like giving a CDL study guide to a car driver. Even a copy of NIST 800-171 would have been marginally more useful since it directly relates to CMMC. However, G2 Ops has done a lot of business in the Virginia cybersecurity market, so we’re including them here.
E-N Computers — Best CMMC consultant for small businesses
Location: Waynesboro, VA
At E-N Computers, we have designed our CMMC consulting services for small businesses as a collaborative process so that you feel confident and prepared for your assessment. Our two Registered Practitioners, Ian and Thomas, are IT and cybersecurity professionals who understand what is involved in running a small business.
We believe that CMMC will change the way you do business. Look at it as an opportunity to make improvements to your technology and processes. Our aim is to provide the knowledge and guidance you need so you can make the right decisions for your business and budget. Contact us today to discuss your next steps!
How is your IT maturity?
When you have the right people working together, you can implement systems and processes that actively help you reach your business goals. We sometimes call this IT maturity. But for many organizations, something is off when it comes to their partnerships, strategy, systems, and settings. How can you know what’s working well and where you have room for improvement? Start by taking our free IT Maturity Self-Assessment. You’ll walk away with some pointers and, if you want, a free appointment to discuss your results.