Whether you need to become compliant, or are looking to harden security, we will take care of you.
We offer CMMC Assessment and Certification.
Fast Turnaround

Masterful Audits

La Jolla Logic is one of the first CMMC Third-Party Assessor Organizations (C3PAO’s) approved by the CMMC Accreditation Body (CMMC-AB) to provide CMMC Assessments with one of the first CMMC Provisional Assessors on staff who has been trained and certified to perform provisional CMMC assessments.

As a CMMC Third Party Assessor Organization (C3PAO) we will be able to perform CMMC Assessments up to Maturity Level 3 once our own ML-3 assessment is completed (we expect this to be soon as we are one of few organizations currently approved by the CMMC-AB).

Find us on the CMMC-AB Marketplace list of providers.


As a CMMC Registered Provider Organization (RPO), LJL is available to provide advice, consulting, recommendations, and implementation of appropriate security controls to our clients.  We have deep expertise in conducting NIST 800-171 security control and CMMC gap analysis (up to ML 5), self-assessments for SPRS registration, development of SSPs, POAMs and IT Policy and Procedure documentation.  LJL’s Registered Practioners (RPs) have direct DoD Cybersecurity experience, appropriate industry certifications (CISSP, Security+, CASP…) and DoD security clearances.

Regardless if you choose to keep this in house or outsource, you will need to know how close or how far away from meeting any of the five levels of the CMMC your business is. The most effective way to accomplish this is to have a third-party perform a gap assessment to discover inadequate system setups and processes that may not meet all of the required controls.

Without a gap analysis, it’s difficult to know what changes an organization needs to make before it meets the required CMMC Level.  LJL SMEs will use their findings to create remediation plans that will address any non-compliant deficiencies; the client can implement the remediation plan on their own or leverage LJL to perform the remediation for them.

Find us on the CMMC-AB Marketplace list of providers.

NIST 800-171 Compliance

As of November 30, 2020, the CMMC Interim Rule requires all contractors and subcontractors to maintain a Basic NIST SP 800-171 DoD Assessment using the NIST SP 800-171 DoD Assessment Methodology in the Supplier Performance Risk System (SPRS) prior to contract award.

As a DoD Cybersecurity and Advanced Technology Firm, working with NIST guidance and security controls is our second nature.  We have been supporting the Industrial Base with NIST SP 800-171 Compliance since 2017 and have developed efficient processes, procedures, and templates to aid our clients with the following:

  • Conducting NIST SP 800-171 Basic Self-Assessment (and subsequent score for SPRS entry)
  • System Security Plans (SSPs)
  • Plan of Action and Milestones (POAM)
  • Implementation & Remediation Support – support and participation in design of required infrastructure changes, implementation of controls, policy development, documentation to achieve desired compliance state
Risk Management Framework (RMF) Accreditations

NIST SP 800-37 rev2 Risk Management Framework (RMF) is a widely used framework within the DoD.  La Jolla Logic brings decades of DoD experience with accrediting and fielding technologies, systems and applications under DITSCAP, DIACAP, and RMF through Defense Counterintelligence and Security Agency (DCSA) and DoD Authorizing Officials across the Navy, Air Force, and Army components.

Each branch and its networks of subordinate commands have their own unique set of requirements and preferences in the accreditation process; our engineers leverage years of experience with these organizations and their ever-changing processes to accredit industry developed products, systems, applications, and even facilities for our clients.

Your company can leverage our cybersecurity experts in a manner that best suits your needs:

  • General RMF Guidance (Steps 1-6)
  • ISSE/ISSM support
  • Use us to develop the entire RMF package and submit to DCSA through eMASS (we are experts in this tool!), assist in responding to DCSA questions, remediating any deficiencies, all the way through to Authority to Operate (ATO)
  • Or, we can function as advisory support/consultants on an as-needed basis to guide and train your team and assist with all or some portions of the package – you choose!

Let us help you through this complicated process so you can focus on what your business does best!