vCISO by Aspis

SMB Basic Cybersecurity Assessment

Sale price Price $3,000.00 Regular price Unit price  per 

This assessment uses the United States Department of Defense Cybersecurity Maturity Model Certification Level 1 (CMMCL1) to determine your company's current cybersecurity posture.  The assessment includes 25 interview questions, assessor review of corresponding artifacts and evidence, and an automated compliance scan of your computer network.  Use the results to demonstrate your company's commitment to operating a secure computing environment.

At the conclusion of the assessment you will receive:


  • Dedicated Assessor
    • 1 hour assessment kickoff entrance conference
    • 4 hours of cybersecurity assessor interview time
    • 4 hours of cybersecurity assessor artifact review time
    • 1 hour assessment conclusion exit conference
  • Compliance Documentation
    • 22 page cybersecurity policies and guidance document
    • 27 page cybersecurity operational procedures for common controls document
    • Plan of Action & Milestones (POAM) document describing unsatisfied controls
    • Security Assessment Results Report describing the findings of the assessment
    • System Security Plan describing the CMMCL1 controls and their implementation
    • External Configuration Vulnerability Scan Report
    • Internal Configuration Vulnerability Scan Report
    • Technical Risk Analysis Report based on the results of the configuration vulnerability scans
    • Technical Risk Treatment Plan based on the results of the configuration vulnerability scans.
  • 15% discount on vCISO by Aspis products and services (with unique discount code) for 1 year.
This assessment is designed for small to mid-sized businesses defined according to the United States Small Business Administration and NAICS size standards.  This assessment is not intended for complex large enterprises or those greater than 250 employees.
The vulnerability scans require the installation of an agent (a small computer program) on a local computer.  If the installation fails, is prohibited by company policies, or is prevented from scanning the local network, it will not result in a refund in part or in whole for this service.
This assessment does not result in CMMC Level 1 certification.  This is a readiness and preparation assessment. Full certification requires independent audit by a Certified 3rd Party Assessor (C3PAO).  Aspis can assist your organization with finding a qualified C3PAO to complete the audit.  The C3PAO must be independent and may not assist you with preparation for your certification audit.
While cloud services may be discussed during the interview or inspected during artifact review, this assessment does not evaluate the cybersecurity of cloud services.