by Scott Jack
Content Contributor, E-N Computers
Over 10 years of experience in healthcare IT and tech support.
After you’ve worked with a Registered Practitioner Organization (RPO) to plan and implement the security controls you need for CMMC compliance, it’s time for an assessment completed by a Certified Third Party Assessor Organization (C3PAO). As we have said before, “the cost for assessing an individual location will be in the $30,000 to $50,000 range.” What happens during an assessment?
In short, C3PAOs look at all the documentation you have created and conduct interviews with staff to determine whether you meet requirements. They submit their findings to The CyberAB. If you pass, you receive your three-year certification.
If you fail, you are provided with a list of items that require corrective action. You have seven days to request a 90-day remediation window. You can use that time to fix any deficiencies and have the same assessor come back to check on those specific items.
With all that in mind, here are our picks for certified third party assessor organizations near Washington, D.C. We also invite you to check out our list of the best CMMC RPOs near D.C.
So you know where we are coming from, we are a Registered Practitioner Organization with three engineers who have qualified as Registered Practitioners and nearly 30 years of IT experience as a Virginia-based MSP. We don’t offer assessments, but we can help you get ready for one.
QUICK ANSWER:
Who are the best CMMC assessors near Washington, D.C.?
Our top recommendation for your C3PAO is Kieri Solutions, a small, lean team with affordable rates and a practical focus. Other top C3PAOs in the D.C. area include Coalfire Federal, CohnReznick, iPower, and SoundWay.
Kieri Solutions – best CMMC assessor with a sharp, lean team
Website: https://kieri.com/
Location: Woodbine, MD
Our top pick for C3PAO has to be Kieri Solutions. Although they’re outside the D.C. metro area, we think they are definitely worth your consideration. They have a small but highly competent team that can assist you with preparation, documentation, a mock assessment, and more.
One thing we really appreciate about Kieri Solutions is their realistic approach to cybersecurity. They understand that your network needs to be both functional and secure. They focus on solutions that are appropriately sized for smaller organizations. Their audits are also on the more affordable end for small businesses seeking CMMC Level 2 certification.
Coalfire Federal – best CMMC assessor trusted by federal agencies
Website: https://coalfirefederal.com/
Location: Chantilly, VA
Coalfire Federal is both an RPO and a C3PAO and was one of the first companies to receive accreditation as a C3PAO. Coalfire Federal promises:
- An understanding that each company requires a custom approach and there is no one-size-fits-all solution.
- Mock assessments to make sure you are ready for the real thing.
- Accurate, verifiable results that are on-time and within budget.
To learn more about their process and get answers to a list of frequently asked questions, visit the CMMC C3PAO Assessment Services page on their website.
CohnReznick – best CMMC assessor for enterprises
Website: https://cohnreznick.com/
Location: Tysons, VA
CohnReznick is a century-old accounting firm headquartered in New York City and with offices in Tysons, VA. They offer advisory services as both an RPO and C3PAO (remember, a company cannot do both for you). As a C3PAO, they manage the assessment process for you, which includes engaging certified assessors, performing assessments, reviewing assessments for quality, and submitting assessments.
iPower – best CMMC assessor with a certified assessor CEO
Website: https://ipowerllc.com/
Location: Reston, VA
iPower is an RPO and C3PAO, with a CEO and President that is a Certified CMMC Assessor. During your assessment, they will review tangible artifacts and conduct interviews to evaluate compliance with applicable CMMC requirements. Following completion of the assessment, iPower will provide an assessment report that notes any findings and deficiencies and will report the results to the Cyber AB for review and approval.
SoundWay – best CMMC assessor with a warranty of work
Website: https://soundwayconsulting.com/
Location: Silver Spring, MD
SoundWay is an RPO and C3PAO. They promise thorough assessment for level 2 certification, submission of findings to the CyberAB and updating your file in the system of record, and identification of any corrective actions that must be taken. With decades of experience in supporting clients with government contracts, they promise to go beyond basic recommendations and offer practical knowledge. They also offer a warranty of work: “If your audit were to fail the CYBER-AB or other body of authority, we will provide up to 40-hour complimentary expert cybersecurity services to defend your position or remedy it.”
Resources for CMMC compliance
- The Ultimate Guide to CMMC
- The Ultimate Guide to DFARS and NIST 800-171 (in plain English)
- What is FCI and should I worry about it?
- What is CUI and should I worry about it?
If you’re looking for CMMC tools and training:
- We found the best GRC tool for CMMC
- Best CMMC training resources
- CMMC Level 1 guide as audio book
- CMMC Level 2 guide as audio book
If you’re looking for a CMMC consultant or Registered Practitioner Organization:
- Best CMMC consultants
- What are CMMC Registered Practitioners and do I need one?
- Best CMMC RPOs near Washington, DC
- Best Virginia Registered Practitioner Organizations
If you’re looking for information about CMMC that is targeted toward smaller businesses:
We also offer free CMMC strategy consultations to Virginia companies needing help with compliance and certification. Book your 30-minute, no-obligation strategy session today to learn about the next steps you need to take toward certification and how a partner like E-N Computers may be able to help.
Complimentary review with a veteran engineer
Are you ready for CMMC?
Get a free strategic consultation to start your journey toward CMMC compliance.
Industries
Locations
Waynesboro, VA
Corporate HQ
215 Fifth St.
Waynesboro, VA 22980
Sales: 540-217-6261
Service: 540-885-3129
Accounting: 540-217-6260
Fax: 703-935-2665
Washington D.C.
1126 11th ST. NW
Suite 603
Washington, DC 20001-4366
Sales: 202-888-2770
Service: 866-692-9082
VA DCJS # 11-6604
Locations
Harrisonburg, VA
45 Newman Ave.
Harrisonburg, VA 22801
Sales: 540-569-3465
Service: 866-692-9082
Richmond, VA
3026A W. Cary St.
Richmond, VA 23221
Sales: 804-729-8835
Service: 866-692-9082