CyberSecurity Compliance Services
C3PAO CMMC LEVEL 2 (NIST-800-171 r2) ASSESSMENT PROPOSAL AND AGREEMENT FOR:
Table of Contents
- Introduction
- Capability Overview
- Estimate
- Service Provider Agreement
We offer a wide array of information security services to comprehensively support our clients' objectives. Our cybersecurity program includes flexible, independent services that work in unison to strengthen clients' long-term security efforts.
Introduction
[DATE]
[OSC (POC, Address, Email, & Phone)]
Dear [POC],
Paragon Cyber Solutions LLC is pleased to present this proposal to [OSC] , Inc. for a CMMC Level 2 Assessment for Certification based in NIST-800-171 r2.
Our 80% military veteran employed security team is comprised of certified industry experts with over 20 years of hands-on experience. Our security practice is led by our CEO, Courtney H. Jackson, a motivated and driven professional with decades of experience in information technology, information assurance, security engineering, and project management with a passion for aligning IT security standards with business objectives. Courtney has a Master of Science in Information Security and Assurance, as well as nearly a dozen active industry certifications (e.g., CISSP, CISM, CEH, CHFI, ISO 27001, CPT, Security+).
Should you decide to move forward, you will be assigned a designated Paragon security representative and gain access to our security team for continued support throughout your assessment.
If you have any questions about the information presented herein or would like any additional information, please contact Courtney H. Jackson by telephone at 813.603.7233, or by email at CJackson@ParagonCyberSolutions.com.
Thank you for the opportunity to present this quote and for your support.
Courtney H. Jackson, Founder, CEO
Paragon Cyber Solutions, LLC
Paragon Cyber Solutions, LLC
1 of 4
2 of 4
Pricing
Pricing valid through [DATE]
C3PAO CMMC Level 2 Assessment based on NIST-800-171 r2 (Assessment): $[ ] to include;
- A Mock Assessment
- Assessment (Results updated to eMass / SPRS)
- 10 Hours of Post Assessment Support (to address any POA&M requirement should you not pass the initial Assessment). You would have 180 to comply with said POA&M
Minimum one month lead time to schedule Assessment .
30% deposit is required to move forward with scheduling your Assessment. Balance (70%) due upon scheduling your Assessment.
Note: An Assessment requires three (3) Certified CMMC Assessor (CCA), much of this work needs to be performed on-site.
3 of 4
C3PAO AND OSC AGREEMENT FOR CMMC LEVEL 2 (NIST-800-171 r2) ASSESSMENT
This Agreement is entered into by and between:
Paragon Cyber Solutions LLC
400 N. Ashley Drive, Suite 2050
Tampa, FL 33602
Office: 813-603-7233
Contact: Courtney H. Jackson, CEO
cjackson@paragoncybersolutions.com
400 N. Ashley Drive, Suite 2050
Tampa, FL 33602
Office: 813-603-7233
Contact: Courtney H. Jackson, CEO
cjackson@paragoncybersolutions.com
(hereinafter referred to as the "C3PAO")
and
[Insert OSC Legal Entity Name]
[Insert OSC Address]
[Insert OSC Contact Information]
(hereinafter referred to as the "OSC")
[Insert OSC Address]
[Insert OSC Contact Information]
(hereinafter referred to as the "OSC")
1. Purpose: This Agreement outlines the terms under which Paragon Cyber Solutions LLC (C3PAO) will perform a CMMC Level 2 Assessment (NIST-800-171 r2) for the OSC. The assessment will determine the OSC's compliance with CMMC Level 2 requirements, with results submitted to eMASS and SPRS.
2. Scope of Services:
- Mock Assessment: C3PAO will conduct a mock assessment to help prepare the OSC for the formal CMMC Level 2 Assessment.
- Formal CMMC Level 2 Assessment: Conducted by a team of three (3) Certified CMMC Assessors (CCA) to include a Lead CCA Assessor, a second CCA Assessor (Not Lead), and a QA CCA Assessor. Work to be performed On-Site as necessary and Remotely where possible and permitted.
- Assessment Results: Results will be submitted to eMASS, SPR, and shared with OSC.
- Post-Assessment Support: C3PAO will provide 10 hours of support post-assessment to address any POA&M requirements should the OSC not pass the initial assessment.
- POA&M Compliance: The OSC will have 180 days to comply with all POA&M items identified during the assessment.
3. GRC Subscription:
- The OSC will receive a one-year subscription to CyberComply, a GRC platform hosted on AWS GovCloud (FedRAMP High).
4. Scheduling Requirements:
- The OSC must schedule the CMMC Level 2 Assessment a minimum of one (1) month in advance of the desired assessment date.
5. Payment Terms:
- Deposit: A 30% deposit is required to secure and schedule the assessment.
- Balance: The remaining 70% balance is due upon scheduling the assessment.
6. Certified CMMC Assessors (CCA) Requirements:
- The formal CMMC Level 2 Assessment requires three (3) CCAs. Assessment activities will take place on-site at the OSC's designated location(s) as required and Remotely when possible and permitted.
7. Confidentiality: Both parties agree to maintain confidentiality of all proprietary and sensitive information exchanged during the performance of this Agreement.
8. Term and Termination: This Agreement shall remain in effect until completion of the assessment and post-assessment support services unless terminated earlier by mutual consent or for cause.
9. Limitation of Liability: The C3PAO shall not be liable for any failure to achieve CMMC certification if the OSC fails to meet compliance requirements or address POA&M findings within the specified 180-day period.
10. Governing Law: This Agreement shall be governed and construed in accordance with the laws of the State of Florida.
11. Acceptance and Signatures: By signing below, both parties agree to the terms outlined in this Agreement:
Courtney H. Jackson
CEO, Paragon Cyber Solutions LLC
Date: ____________________
CEO, Paragon Cyber Solutions LLC
Date: ____________________
[Authorized Signatory Name]
[Title, OSC]
Date: ____________________
[Title, OSC]
Date: ____________________
4 of 4