Skip to the main content.
Under Attack? Login
Under Attack? Login
Managed Extended Detection & Response
Layered cybersecurity controls for effective risk management and rapid response.

24/7/365 Monitoring & Alerting
Compromise Assessments
Threat Hunting
Vulnerability Management

Book MXDR Demo

Government Programs
Integrated technology, solutions, and services that support rapid innovation within the DoD ecosystem.

CMMC Preparation & Assessment
Cybersecurity Assurance Readiness (CSAR/RMF Pro)
ATO/RMF Support

Book GP Demo

Professional Services
Expertise in security strategy, incident response readiness, policy development, and risk assessments.

Risk Assessments
vCISO
Penetration Testing

Book ProServ Demo

Digital Forensics & Incident Response
Are You Under Attack?

If you are concerned about a potential threat or are experiencing a breach, contact our 24/7/365 emergency hotline at 888-860-0452.

CONTACT US

Resources

Subscribe-to-NetSec-News-v4Subscribe to NetSec News

Sign up to receive our biweekly newsletter that covers what's happening in cybersecurity including news, trends, and thought leadership.

SIGN UP

Company

Ingalls Information Security

At our core, Ingalls is a company that strives to be helpful to our clients while continuously innovating and evolving our technology and solutions. Since 2010, we have been dedicated to building a team and product that can stay steps ahead of threats, attacks, and vulnerabilities in an ever-changing landscape.

Meet The Leadership Team

2 min read

Why You Should Budget for CMMC & ATO Before Submitting a SBIR Proposal

Picture of Brandi Pickett Brandi Pickett Aug 8, 2022 10:59:47 AM

DBIR CMMC Government Programs

Are you gearing up to submit a SBIR proposal? Here’s what you need to know about budgeting for CMMC and ATO so you don’t run into any issues or delays. 

The memo released by the DoD last month increased pressure on contractors when it comes to cybersecurity. Check out our recent blog post that breaks down what these DoD requirements mean for government contractors because it’s important to understand how failure to have or to make progress on NIST SP 800-171 requirements may be considered a material breach of contract requirements.

How to Budget for CMMC and ATO

One way to get ahead of any potential problems is to budget for Cybersecurity Maturity Model Certification (CMMC) and Authorization to Operate (ATO) costs before you submit a SBIR proposal. CMMC’s key objective is to enhance the protection of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within the supply chain. Because you’re likely to handle these information types as a DIB supplier, specific safeguarding requirements are outlined by CMMC to keep them secure. CMMC reviews and combines various cybersecurity standards and best practices, making it a comprehensive verification mechanism for effective security.

In order to ensure you adhere to the DoD’s requirements correctly, you need an expert who understands how to navigate the CMMC process effectively. At Ingalls, our staff of experienced CMMC Registered Practitioners provide a wide range of CMMC services including:

  • FutureFeed, a Governance, Risk, & Compliance (GRC) tool, that integrates tracking mechanisms and empowers your team to stay on course
  • Performing assessments against the NIST SP 800-171 and help you submit your score in the Supplier Performance Rating System (SPRS)
  • Create a “Plan” aka POA&M
  • Consultation and Maintenance of your cyber program

Also, if you are developing a product or technology for the DoD, then your contract may have a clause that requires the product to obtain an ATO. The National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) is a 7-step process that organizations can use to manage information security and privacy risk for organizations and their systems. All DoD information systems must undergo the RMF process to achieve an ATO.

Navigating the RMF/ATO process is exhaustive, resource-intensive, and often not considered until the system or application is ready to deploy, significantly delaying timely delivery. Ingalls partners with you to provide ATO support throughout the RMF lifecycle with a tailored approach for services including:

  • Dedicated support throughout RMF Lifecycle
  • IAM Level III and II Certified Information System Security Manager (ISSM)
  • IAT Level II and III Certified Information System Security Officer (ISSO)
  • eMASS Data Entry and control responses
  • RMF Expert to liaison with Authorizing Official (AO) Staff or Security Control Assessor (SCA)
  • Development of core documentation and evidence
  • Development of RMF/ATO tasks with Project Schedule

 

If you are not sure how to get started with a budget or want to know more about your responsibilities for CMMC and ATO, we are here to help. Reach out for a free consultation to learn how Ingalls can help.
Subscribe to Network Security News