Domain 01 / Security

Decisions made under real threat conditions.

We deliver intelligent, context-aware insights across cybersecurity, risk, and threat intelligence. Engagements align with globally recognized frameworks and zero-trust principles, and we deliver under CMMC Level 2 controls with US-citizen-only personnel for organizations handling Controlled Unclassified Information.

WOSB Certified
CMMC Registered Practitioners
SAM.gov · CAGE Code
35+ years experience
Pembroke Pines, FL

Frameworks we work in

The standards that ground the work.

01

NIST SP 800-171

The control set for protecting Controlled Unclassified Information in non-federal systems. Foundation for most defense industrial base obligations.

02

CMMC Level 1 & Level 2

Cybersecurity Maturity Model Certification. We deliver readiness work as Registered Practitioners (RPs) on staff. Not C3PAO assessors; deliberately so.

03

ISO/IEC 27001

International information security management standard. The control framework many commercial enterprises adopt to demonstrate security maturity.

04

Zero-trust principles

Never trust, always verify. We help operationalize zero-trust patterns (identity-based access, network microsegmentation, continuous validation) in existing environments without forklift replacement.

What we deliver

Operational artifacts under Security.

01

Risk assessment

Threat modeling, asset valuation, vulnerability identification, and risk register. The honest picture of where you are before deciding what to spend.

02

Control mapping

Your existing controls mapped to the required framework (NIST 800-171, CMMC, ISO 27001). What you cover, what you partially cover, what you do not.

03

Policy and procedure library

Written information security policies and supporting procedures, scoped to your business, aligned to the framework. Not generic templates.

04

SSP and POAM

System Security Plan describing your environment. Plan of Action and Milestones for remediation. Audit-ready, refreshed as the environment changes.

05

Tabletop exercises

Incident scenarios walked through with your team. Reveals procedural gaps before a real incident does.

06

Audit preparation

For CMMC assessments, ISO certifications, and customer security reviews: the documentation, the evidence, the practiced answers. Not the assessment itself; the readiness to face it.

Cross-domain

Security rarely travels alone.

Security travels with Privacy (data classification, access controls) and Legal (regulatory obligations, contractual flow-downs). Healthcare engagements always involve security work; the HIPAA Security Rule sits inside the broader cybersecurity context.

Most engagements also touch: Privacy, Legal, Healthcare

Frequently asked

Security questions. Direct answers.

Do you handle CMMC compliance work?

Yes. CMMC Registered Practitioners (RPs) on staff. We perform readiness work, control mapping, policy and procedure development, gap remediation, and assessment preparation for organizations pursuing CMMC L1 or L2. We are deliberately not C3PAO assessors; that separation keeps our advice and the eventual assessment independent.

Do you implement NIST 800-171?

110 controls across 14 families. We do the documentation, the policy work, the gap closure planning, and we coordinate with your IT team or MSP on the technical implementation. We do not do hands-on system administration; we work alongside the people who do.

What about the US-citizen-only requirement for CUI?

For organizations handling Controlled Unclassified Information that requires US-citizen-only access, the SOPIQ personnel on those engagements are all US citizens. We confirm this in writing as part of the engagement scope.

Do you work as a prime or a sub?

Both. We frequently subcontract to primes serving DoD and federal customers, and we deliver direct engagements to commercial customers. WOSB certification and SAM.gov registration support both arrangements.

What is your relationship with your MSP partners?

We are operations and compliance consultants, not an MSP. We work alongside your MSP (or recommend one if you are looking) and handle the documentation, policy, and process work that MSPs typically do not.

Tell us what you are trying to get done.

The discovery conversation takes 30 to 60 minutes. We respond within one business day.