Managed Security Services

Trusted Partner for Security and Compliance Solutions

Preparing for CMMC

Defense contractors must implement the required cybersecurity measures outlined in NIST SP 800-171 controls for CMMC certification. According to DFARS 252.204-7021, organizations seeking to do business with Department of Defense will require certification, performed by a Certified Third Party Assessment Organization (C3PAO) every three years. These Organizations Seeking Certification (OSC) should plan for a comprehensive cybersecurity approach to protect corporate assets, information and systems.

Cyber readiness means a contractor has taken the appropriate steps to create resilient and secure information systems which includes the capability for an appropriate and rapid response when an incident does occur.

 CMMC 2.0 is currently in a “Rulemaking” period – awaiting final requirements. Although the exact date is unknown final requirements are expected to be released in Spring of 2023 timeframe. DIB Contractors will be expected to meet CMMC 2.0 requirements when rulemaking is complete. More information can be found on the Acquisition and Sustainment Office of the Under Secretary of Defense (OUSD) website


We are pleased to announce that the Cybersecurity Maturity Model Certification Accreditation Board (Cyber-AB) has recognized Riverstone Solutions, Inc. (RSI) as a Registered Provider Organization (RPO).  RSI is registered to provide consulting, pre-assessment readiness reviews, documentation, and recommendations for the CMMC to their clients.

Riverstone Solutions is also a Microsoft Silver Partner, with Information Technology expertise for both on-premise and cloud solution planning and implementation of secure and compliant systems.  We are skilled in Federal contracting requirements for protecting ITAR and Controlled Unclassified Information (CUI) and Federal Information Systems.

Security and Compliance Solutions for the Defense Industrial Base

RSI works with defense contractors as a Managed Security Services Provider (MSSP) to achieve CMMC goals. We create a custom security and compliance roadmap and deliver consulting services and security solutions specific to your organization’s needs. Our customized engagement is unique to each customer, allowing you to pay for only the services and solutions you need. No hidden charges, or up front costs for generic templates. We deliver full documentation packages that are specific to your organizational approach to enterprise security.

Get Started with your Security and Compliance Journey. Download our RSI DFARS + CMMC Portfolio – Roadmap Overview and contact us for a FREE consultation and custom approach for your organization. 

5 Step Roadmap to Achieve Security Goals and Compliance Objectives

Evaluation and Baseline

Step 1 – Full review or your cybersecurity posture. Where are you now in your security control implementation? We develop a full documentation package to meet compliance requirements and let you know about next steps to secure your enterprise. Includes your calculated SPRS score and recommendations to close any security gaps.

Plan and Remediate

Step 2 – Now that you have a baseline for the organization, plan and schedule implementation milestones. We act as an extension of your IT / Security team. Outsource remediation of specific tasks that are too complex or time consuming for your team – especially helpful for small IT teams.

Monitor, Detect, Respond

Step 3 – Use our Oxbow Security Platform (OSP) SIEM to Aggregate & Analyze Security Data from your On- Premise security protection devices and Microsoft 365 Cloud data; We offer 24×7 ‘Monitoring as a Service’, watching your network while you sleep. Includes custom threat intelligence alerts for your organization.

Security Training and Awareness

Step 4 – Monthly or Quarterly security training plans delivered in person or virtually to your users. Includes cybersecurity training, insider threat awareness, role based training, certification training (Security +, CISSP, RMF) and more. Customized to meet your requirements. Includes training record management for your team.

Continuous Improvement

Step 5 and Beyond – Maintaining a secure and compliant enterprise is ongoing – it is a journey, not a destination. We partner with you in that journey, keeping track of the administrative tasks as you go. What are your “organizationally defined” periods for review? How and where do you track your artifacts – to demonstrate you’re doing the tasks you outlined in the SSP? Security administration tasks are time consuming, especially for small teams.  We manage those tasks for you, so you have confidence in your day-to-day compliance.


Contact us to schedule a free consultation and roadmap discovery for your organization.