Cybersecurity Maturity Model
Certification (CMMC) support

Does your business rely on Department of Defense contracts?
We can help you get certified.

CMMC Registered Provider Organization (RPO)

Remain a valued Department of Defense contractor

Our cybersecurity professionals have the experience and knowledge to help distill complex frameworks into specific actions. Like the Department of Defense (DOD), we understand the value and importance of small and medium-size suppliers and the unique cybersecurity situations they face. Our team of CMMC Accreditation Body Registered Practitioners (RP) will work directly with your organization to ensure you are in the best position to pass the CMMC assessment(s).

Need help to prepare for the CMMC assessment?
Contact us to get started.

Cybersecurity Maturity Model Certification (CMMC) Support Service

Consider who benefits

Contractors unsure of what they need to do to comply with the CMMC.

Contractors whose cybersecurity practices are lacking when compared to the CMMC's Level 1 maturity.

Contractors looking to show their commitment to the CMMC by progressing to Level 3 maturity and managing their cybersecurity risk.

Consider the benefits

Create a competitive advantage by attaining certification before other contractors.

Determine the appropriate maturity level of the CMMC based on your organization’s situation.

Identify gaps in your cybersecurity processes and practices relating to the targeted CMMC maturity level.

Ensure your organization maintains basic or good cyber hygiene in accordance with the CMMC.

Document your processes and practices in accordance with the CMMC.

How AGH can help you prepare for the CMMC assessment

With the DOD transitioning away from self-assessments to a more structured approach relying on the CMMC and certified assessments, AGH can help your organization identify gaps in your current processes and practices compared to those in the CMMC. Whether your organization is relatively new to this area, or an experienced contractor, the various levels of the maturity model present risk to most contractors.

As a Registered Provider Organization™ (RPO), as designated by the CMMC Accreditation Body, and the only one in Kansas, our RPs can help your organization get ready for the CMMC assessment. We begin with an introductory survey and meeting to get a lay of the land in your organization. With that information, we sit down with key stakeholders in your organization (not just the IT team) to develop a comprehensive plan to ensure your organization can meet the Level 1 maturity stage of the CMMC called basic cybersecurity hygiene.

For more robust organizations, or those who complete Level 1 maturity, our professionals can help your organization reach the next maturity level needed for higher-clearance contracts. Our professionals can help document your processes and practices in accordance with the CMMC, as well as assess your performance on the 130 practices contained at the Level 3 of the model called good cyber hygiene.

Regardless of the targeted maturity level, our process tends to follow these basic steps:

Unsure where to start?
Take our introductory Level 1 survey.

Brian Johnson

Senior Vice President
Technology Services

Brian joined AGH in 1992. He leads the firm’s technology services practice where he helps clients achieve measurable performance improvements through the delivery of specialized, competency-based information systems management, assurance, and advisory services. He has extensive experience in information security, network engineering, and solution development, with recognized specializations in governance, risk, control, and related consulting services.

Brian is a member of ISACA (previously known as the Information Systems Audit and Control Association), the Kansas Society of Certified Public Accountants (KSCPA), the American Institute of Certified Public Accountants (AICPA), the AICPA’s Information Management and Technology Assurance (IMTA) Section, and the Association for Supply Chain Management (ASCM). He is a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), Certified in Risk and Information Systems Control (CRISC), Certified Data Privacy Solutions Engineer (CDPSE), and Certified in Production and Inventory Management (CPIM).

Brian is also a Certified Public Accountant (CPA) and a graduate of Wichita State University, where he earned Master of Accountancy and Bachelor of Business Administration degrees.

Eric Spillman

Information systems consultant
Technology Services

Eric joined AGH in 2018. He is an experienced information systems consultant in our technology services practice, where he participates in the delivery of risk management, information security, and network engineering services. He has extensive experience working with clients in a variety of industries including financial services, healthcare, retail, and professional services.

Eric is a member of ISACA (previously known as the Information Systems Audit and Control Association). He is CompTIA Security+ certified, CompTIA Cybersecurity Analyst+ (CySA+) certified, CompTIA Security Analytics Professional (CSAP) certified, and a Certified Data Privacy Solutions Engineer (CDPSE). He also served as an information systems security officer in the United States Navy where he received and has maintained secret security clearance.