“After being able to test drive ACR2 risk management system software, it is our opinion that this tool will be of excellent value to all companies who need to be DFARS/CMMC compliant as fast as possible. The platform automates the process of policy documentation, assignment of tasks and schedules, creation of a POAM and SSP, calculating DoDAM score and future maintenance of all policies, tasks, and training... Will highly recommend this tool to anyone needing DFARS/CMMC compliance fast.”
This 5:33 video discusses the ACR 2 Cybersecurity Risk Management System that allows small (up to 50 staff) federal contractors to create a fully documented NIST 800-171 cybersecurity program in less than 30 hours. First year compliance costs, excluding any hardware that might be needed, are less than $5,000 (see Services and Pricing page).
3 minute Boot Camp provisioning and start-up video - access at https://attendee.gotowebinar.com/recording/6276660389605003009
NIST 800-171 SSP and POAM updates in one hour - https://www.youtube.com/watch?v=yuJjnZwz03s&t=2s
GT-pac review of NIST 800-171 requirements - https://youtu.be/QaRaqJR8ykg
Final DOD cybersecurity requirements for handling Controlled Unclassified Information (CUI) - https://www.federalregister.gov/documents/2016/10/21/2016-25315/defense-federal-acquisition-regulation-supplement-network-penetration-reporting-and-contracting-for
November 2018 DOD Contract Officer guidance - https://www.acq.osd.mil/dpap/pdi/cyber/docs/Assess%20Compliance%20and%20Enhance%20Protection%20of%20Contractor%20System%20%20with%20Attachments%2011-6-2018.pdf
Video 20:23 - NIST favorable review of ACRMS for CUI cybersecurity compliance.