A clear path to certification
Choose the package that matches your CMMC level and contract requirements. Every package includes a dedicated Blue Mantle advisor, clear deliverables, and predictable timelines.
Level 1 Self-Assessment
Small subcontractors handling FCI only
Get organized and confident for your annual Level 1 self-assessment. We provide the templates, guidance, and validation you need to meet the 17 FAR 52.204-21 practices.
Deliverables
- CUI/FCI scoping analysis
- Self-assessment readiness review
- System Security Plan (SSP) template & guidance
- Policy & procedure templates
- SPRS score calculation assistance
- Affirmation guidance for SPRS posting
Level 2 Certification
DoD contractors handling CUI
Our most comprehensive package takes you from gap analysis through C3PAO certification. We handle the heavy lifting so your team stays focused on winning work.
Deliverables
- Full NIST 800-171 gap analysis
- System Security Plan (SSP) development
- POA&M creation & tracking
- Security policy & procedure authoring
- Technical control implementation guidance
- Mock assessment (mirrors C3PAO process)
- Artifact & evidence preparation
- C3PAO selection & coordination
- On-call support during assessment window
Level 3 Expert
High-value / ITAR / classified-adjacent programs
For organizations with the most demanding requirements. Everything in Level 2 plus advanced controls, continuous monitoring design, and an ongoing advisory retainer.
Deliverables
- Everything in Level 2 package
- NIST 800-172 enhanced security controls
- Continuous monitoring architecture
- Incident response plan development
- Supply chain risk management
- Ongoing advisory retainer
- Quarterly compliance health checks
- Executive reporting & board briefings
All packages are scoped to your organization. Contact us for a tailored proposal with fixed-fee pricing.
Compare Packages
See exactly what's included at each level.
| Feature | Level 1 | Level 2 | Level 3 |
|---|---|---|---|
| Assessment & Scoping | |||
| CUI/FCI scoping analysis | |||
| NIST 800-171 gap analysis | |||
| NIST 800-172 gap analysis | |||
| SPRS score calculation | |||
| Documentation | |||
| SSP development | Template | ||
| POA&M creation & tracking | |||
| Security policies & procedures | Template | ||
| Incident response plan | |||
| Implementation Support | |||
| Technical control guidance | |||
| Continuous monitoring design | |||
| Supply chain risk management | |||
| Assessment Readiness | |||
| Self-assessment readiness review | |||
| Mock C3PAO assessment | |||
| Artifact & evidence prep | |||
| Interview preparation | |||
| C3PAO selection & coordination | |||
| On-call assessment support | |||
| Ongoing Support | |||
| Advisory retainer | |||
| Quarterly health checks | |||
| Executive reporting | |||
Stop worrying about compliance. Start winning contracts.
Our experts deliver a focused 1-hour readiness assessment that clarifies where you stand and what it takes to certify.