top of page

Regulatory Document Services

Consider the following scenario:

Your company discovers a government contract that is up for bid which your team possesses all of the technical expertise to accomplish the contract with flying colors, it's a perfect fit!  That said, the contract requires that the systems your team uses for the contract meet CMMC Level 1 compliance.

As you begin preparing the documentation for your CMMC assessment you quickly realize the sheer number of policies, plans and procedures required to adequately document and manage your compliance.  Many companies start with some internal policies and procedures but quickly realize they are incomplete, insufficient and sometimes conflicting.


The process of writing cybersecurity and/or acquisition documentation internally can take your existing team months and and involves pulling your most senior and experienced cybersecurity experts away from their operational and probably even billable duties to assist in the process.

If you decide to go the route of hiring a consultant, there are a couple of important things to consider.  In addition to the immense cost of hiring a cybersecurity consultant to write this documentation for you, the time to schedule a consultant, provide guidance and get the deliverable product can take months. Even with a consultant, it still requires involvement from your team for quality control and answering questions, so the impact is not limited to just the time and cost of the hired consultant. 


The task of writing all the required documents can take months and hundreds of man hours.  Some estimates place it at 9-12 months of staff work – your staff have day jobs after all and the resources needed to contribute are probably also billable resources for your company – and upwards of $60,000 in labor expenses.  With the consultant route, after hiring a firm to conduct a gap assessment and then navigating through months of meetings, interviews and presentations, they provide documentation at a cost double of what you could have done it yourself and only marginally faster.

For example, achieving a Cybersecurity Maturity Model Certification (CMMC) Level 1 assessment requires thorough documentation in the form of policies, plans and implementation guides.

Starting from scratch to create your own documents while ensuring they cover all the required CMMC framework practices and National Institute of Standards and Technology (NIST) and other controls can be daunting and time consuming.

Firestorm Dynamics offers complete document packages with fully editable Microsoft Word or Excel document, templates, which includes policy and process documents from:

Cybersecurity Maturity Model Certification (CMMC)

Defense Federal Acquisition Regulation Supplement (DFARS)

National Institute of Standards and Technology (NIST)

Department of Defense (DoD)

bottom of page