Unlock Trust in Your Compliance
We provide expert Governance, Risk, and Compliance services for government contractors
Our Company
DeWitt GRC is a technology consulting company that specializes in providing Governance, Risk, and Compliance (GRC) services to government contractors. With our CMMC-based approach, we help businesses navigate the complex landscape of federal government contracting and ensure compliance with the required regulations. Our team of experienced consultants offers a range of services including assessments, program management, audit preparation, and ongoing compliance support. We are dedicated to helping our clients maintain a strong security posture, mitigate risks, and achieve their business objectives.
Our Owner - Don DeWitt
Don has been involved with US Government compliance since 2011, starting with FISMA, NIST 800-53, and RMF (Risk Management Framework) compliance. After 6 years in the US Air Force, he was transferred to the NSA to conduct Network Penetration Testing on our Nation’s enemies. Upon separation from the USAF, he conducted Nuclear Security Assessments on Dept of Energy resources before shifting his efforts into broader Government compliance with CMMC v0.7 and NIST 800-171. Now, he uses his CCP Certification (CMMC Certified Practitioner) to guide DIB companies through the complicated maze of US Government cybersecurity compliance outlined in Federal Acquisition contracts.
Why we stand out
Expert Comprehensive GRC Services
Our team of experienced consultants specializes in providing extensive GRC services tailored to the unique needs of government contractors.
Streamlined Compliance Processes
We help streamline your compliance processes by providing unbiased and tool-agnostic guidance to ensure a smooth and effective compliance journey.
Identify Risks, Protect Your Business
By partnering with us, you can identify your business risks, maintain a strong security posture, and achieve your business objectives without compromising compliance.
Compliance Assessments
Our expert consultants conduct thorough assessments to evaluate your organization's compliance with CMMC requirements. We identify gaps, provide recommendations, and help you implement the necessary controls to achieve and maintain compliance.
Program Management
We offer long-term program management services to ensure your organization's compliance initiatives are effectively implemented and maintained. Our consultants provide guidance, support, and ongoing monitoring to help you stay on track and continuously improve your compliance program.
Audit Preparation & Due Diligence
Preparing for an audit or acquisition can be a daunting task. Our team has extensive experience in CMMC audit preparation and can assist you in gathering the necessary documentation, conducting mock audits, and addressing any findings to ensure a smooth and successful audit or acquisition process.
Plans and Pricing
Choose the right plan for your business
Assessment - CMMC Level 1 - Mini
$2,500 per Assessment
Some key features
- Conduct an assessment of your organization using CMMC Level 1 (FAR 52.201-21) as a guide
- Document Results in an Assessment Report
- Outline fix-actions with a POAM (Plan of Action and Milestones)
Assessment - CMMC Level 1 - Full
$5,000 per Assessment
Some key features
- Conduct an assessment of your organization using CMMC Level 1 (FAR 52.201-21) as a guide
- Document Results in a full System Security Plan (SSP)
- Outline fix-actions with a POAM (Plan of Action and Milestones)
Assessment - CMMC Level 2 (DFARS, CUI)
$10,000 per Assessment
Some key features
- Conduct an assessment of your organization guided by CMMC Level 2 (DFARS 252.204-7012)
- Document Results in a full System Security Plan (SSP)
- Outline fix-actions with a POAM (Plan of Action and Milestones)
PM - CMMC Level 1
$1,000/month
Some key features
- Bi-Weekly Meetings discussing CMMC Level 1 Compliance
- Create / Maintain an Information Security Policy outlining Level 1 Control Implementation
- Provide insight, conduct research, and communicate updates on CMMC Framework and Compliant Technologies
PM - Essentials
$2,000/month
Some key features
- Program Monitoring with bi-weekly update meetings
- Documentation Creation & Management to meet CMMC Requirements
- Assessment Templates including Risk and Security Impact
PM - Proactive
$3,500/month
Some key features
- Everything in the Essentials package
- Additional Policies including CUI management, Software, and Password
- Evidence Matrix and User Access Matrix, required for the Audit
PM - Advanced
$5,000/month
Some key features
- Everything in the Proactive package
- Annual Compliance Assessment
- Annual Incident Response Test
- Conduct / Update all Risk and Security Impact Assessments
CMMC Audit Prep
$35,000 per Audit
Some key features
- Gather and associate evidence to EACH control objective
- Update System Security Plan (SSP), as needed
- Update Policies, Procedures, and Plans, as needed
- Attend all Audit meetings and interviews, as requested
Due Diligence Assessments
Mergers & Acquisitions
$50,000 per Assessment
Some key features
- Complete a full CMMC Level 2 Compliance Assessment on the acquired company
  - Includes an SSP & POAM
- Conduct Risk Assessment including non-IT aspects of the acquired company (Staffing, Financial, Competition, etc.)
- Conduct a Security Impact Assessment on the potential integration of networks and business practices
- Supply integration recommendations