BDO USA, LLP

BDO’s GovCon Cyber Compliance team has a deep bench with advanced degrees in Cybersecurity and Information Assurance, as well as over 22 years of experience supporting DoD programs in Information Technology, Information Assurance and Cybersecurity.  Our highly credentialed and experienced Cyber SMEs provide full-scope Federal and DoD cybersecurity contract compliance support to help our clients achieve their CMMC and NIST 800-171 regulatory compliance with our Compliance Assessment Tool (CAT) and over 55 policy templates to help effectively manage the compliance lifecycle, with a lower cost of implementation and lifecycle management.

BDO’s GovCon Cybersecurity Compliance team members consist of CMMC certified Registered Practitioners with Cybersecurity Industry certifications such as EC-Council: Certified Ethical Hacker, Certified Hacking Forensic Investigator, Certified Network Defense Architect, CompTIA Advanced Security Practitioner (CASP+), Certified Expert RMF Professional (CERP), Certified Expert Program Manager (CEPM), and NSA Information Systems Security Professional and Senior Information Assurance Systems Manager.

BDO Cyber Compliance consultants use the proprietary Compliance Assessment Tool (CAT) to feed an organization’s living Plan of Action and Milestones (POAM) and Systems Security Plan (SSP.) Our CAT tool cross-maps to multiple frameworks, including NIST 800-171, CMMC, CIS, NIST 800-53, ISO 9001/2, as well as the EXOSTAR cybersecurity questionnaires, reducing redundancy, and allowing for a centralized management of all cyber compliance packages simultaneously.

BDO USA offers compliance services for the following:

  • Cybersecurity Maturity Model Certification (CMMC) (ML 1,3,5)
  • FedRAMP package consulting
  • FAR 52.204-21
  • DFARS 252.204-7012 & NIST SP 800-171
  • DFARS 252.204-7019/7020/7021
  • SPRS Assessment & Scoring
  • EXOSTAR Cyber Questionnaires (NIST 800-171 & CIS 5.1)
  • Section 889 compliance
  • ISO 27001/2 consulting
  • DCSA Classified RMF Packages/eMass ATO
  • SCRM