Sikich LLP

INDEPENDENT, UNBIASED, TECHNICALLY-QUALIFIED SECURITY ASSESSMENTS

Our Cybersecurity practice (formerly 403 Labs) is dedicated to assisting our clients with cybersecurity consulting, fraud management, risk mitigation and vulnerability detection and prevention. We have the privilege of working with leading payment card, financial, restaurant, hospitality, health care, and educational organizations from around the world.

Our team has the extensive knowledge and experience to help you improve your unique security posture, specializing in compliance audits, penetration tests, computer security assessments and computer forensic investigations. We handle anything having to do with security or protecting data, including Cybersecurity Maturity Model Certification (CMMC), credit card data (PCI DSS), patient data (HIPAA), bank account numbers (GLBA), service provider reviews (SOC 1/2/3), or intellectual property.

WHAT WE DO

Sikich provides organizations with the following suite of CMMC services:

CMMC WORKSHOP

One of our CMMC experts conducts a one- to two-day workshop for organizations to discuss CMMC requirements, review the compliance process, and review current organization technical capabilities to meet CMMC requirements. These workshops can be conducted either on site or remotely, based upon the request of the client and current travel logistics.

GAP ANALYSIS

Sikich CMMC gap analysis engagements are designed to identify gaps within existing security programs and help prepare organizations for certification against CMMC. The deliverable will address an organization’s existing compliance posture in relation to CMMC, provide a detailed review of organizational policies and procedures, and offer a prioritized roadmap with actionable recommendations to meet CMMC compliance requirements.

REMEDIATION AND ADVISORY SERVICES

Following a gap analysis, Sikich assists organizations with remediation activities to prioritize addressing any gaps identified. These activities can include creating policies and procedures, developing a System Security Plan (SSP), and making security architecture recommendations.

CERTIFICATION AND ATTESTATION

Certification against the CMMC is expected to start in the fall of 2020. Once certified as a Certified Third-Party Assessor Organization (C3PAO) by the CMMC Accreditation Body, Sikich will be able to support organizations with certification and accreditation.