CMMC Level 2 Design-Partner Pilot
$15,000 Flat. 30 Days. CMMC-Ready.
A fixed-price engagement where we connect to your cloud, close your CMMC gaps, and hand you an assessment-ready evidence package. Led by a DoD Secret + DoE Q cleared engineer currently consulting at Los Alamos National Laboratory.
Spots limited. November 6 enforcement is 6 months away.
days until DFARS 252.204-7021 enforcement
Here is exactly what you receive.
Eight deliverables. No ambiguity. Everything your C3PAO assessor needs to see.
CMMC Level 2 Baseline Assessment
Full scan of your cloud environment against all 110 NIST 800-171 controls. You see exactly where you stand - no guessing.
Automated Gap Closure
Our platform identifies and remediates configuration gaps automatically. What takes consultants weeks, we do in days.
System Security Plan (SSP)
A complete, assessment-ready SSP documenting your security controls, boundaries, and implementation details.
Plan of Action & Milestones (POA&M)
Any remaining gaps get a clear, prioritized remediation plan with timelines your C3PAO assessor expects to see.
C3PAO-Ready Evidence Package
Screenshots, logs, configuration exports, and control mappings - packaged exactly how assessors want them.
CUI Boundary Analysis Report
Clear documentation of where your Controlled Unclassified Information lives, flows, and how it is protected.
30-Day Monitoring Dashboard Access
Real-time visibility into your compliance posture. Watch gaps close. Track progress against all 110 controls.
Final Readiness Review Call
A live walkthrough of your evidence package, SSP, and POA&M. We answer every question before you engage your C3PAO.
30 days, structured. Here is the schedule.
Every week has a clear objective. You always know where the engagement stands.
Connect & Baseline
- Cloud environment connection (AWS, Azure, or GCP)
- Full NIST 800-171 baseline scan across all 110 controls
- CUI boundary identification and data flow mapping
- Initial gap report delivered
Remediate & Automate
- Automated remediation of configuration gaps
- Policy-as-code deployment for continuous enforcement
- Access control and encryption validation
- Audit logging and monitoring configuration
Document & Package
- System Security Plan (SSP) generation
- POA&M creation for any remaining items
- Evidence collection and screenshot packaging
- CUI boundary analysis report finalized
Review & Deliver
- Final compliance posture review
- Evidence package quality check against C3PAO expectations
- Readiness review call with founder
- Complete handoff of all deliverables
Simple pricing. No surprises.
CMMC Level 2 Pilot
30 days. Assessment-ready.
Payment structure
$7,500
Due at kickoff
$7,500
Due at final delivery
What is included
- All 8 deliverables listed above
- Direct access to the founder (DoD/DoE cleared)
- PolicyCortex platform access for 30 days
- Automated remediation - not just a report
- Unlimited questions during the engagement
What is not included
- -C3PAO assessment fees (separate, typically $30K-$50K)
- -Hardware or infrastructure procurement
- -Ongoing monitoring beyond 30 days (available separately)
- -Legal counsel for contract disputes
Federal micro-purchase eligible
At $15,000, this engagement falls at the federal micro-purchase threshold. Federal agencies and prime contractors can procure with a Government Purchase Card - no competitive bidding, no formal RFQ, and procurement completes in days rather than months.
Book Your Pilot Call
30 minutes with the founder. We will review your environment, confirm scope, and get you on the schedule. No pressure, no generic sales pitch - just a direct conversation about whether this pilot is the right fit.