CMMC / NIST 800-171 Readiness
ThinkCodec gets Dallas–Fort Worth defense contractors from "where do we even start?" to certification-ready — gap assessment through SPRS scoring — with fixed-fee, no-jargon engagements. We're the readiness consultant; you stay in control.
CMMC requirements are phasing into DoD contracts now. Prime contractors are pushing compliance down to their subs — and dropping the ones who can't show a System Security Plan and a passing SPRS score. Most small contractors don't have a security team and don't know where to start.
That's the whole problem we solve: we make a contractor that isn't ready, ready — without you hiring a CISO.
What we deliver
We measure you against all 110 NIST 800-171 controls, calculate your SPRS score, and hand you a prioritized gap report. You'll know exactly where you stand and what it takes to close it.
We write the two documents the DoD requires — your System Security Plan and Plan of Action & Milestones — accurate, audit-ready, and in plain English.
We guide you through closing the gaps, prep you for your C3PAO assessment, and keep you compliant year-round with managed compliance.
Pricing
CMMC L1 Starter
from $4,950
Scope assessment, essential policies & procedures, basic evidence guidance, SPRS overview, and one coaching call. For contractors handling FCI / Level 1.
CMMC L2 Readiness
from $14,900
Full 110-control gap workshop, populated SSP & POA&M, policy kit mapped to NIST 800-171r3, evidence checklist, SPRS walkthrough, and two pre-assessment coaching calls.
L2 Certification Sprint
$25,000–$45,000
Hands-on remediation alongside your team to get assessment-ready fast — scoped to your starting gap and timeline.
vCISO / Managed Compliance
from $1,500/mo
Ongoing compliance upkeep, evidence maintenance, and an annual SPRS refresh so you stay ready between contracts and audits.
Every engagement starts with a free gap call so we scope to your actual situation. ThinkCodec is a readiness consultant, not a C3PAO — final certification is performed by an authorized C3PAO.
30 minutes. We figure out if CMMC applies to you and at what level.
We benchmark you, score you, and map the path to certification-ready.
We close gaps, prep your assessment, and keep you compliant.
Does CMMC apply to my company?
If you have a DoD contract or subcontract involving FCI or CUI, almost certainly — most need Level 1 or Level 2.
What's the difference between you and a C3PAO?
A C3PAO performs the official certification audit. We get you ready to pass it, and partner with C3PAOs for the final assessment. We can't do both for the same client — that rule protects you.
How long does it take?
A gap assessment is days. Full readiness depends on your starting point — typically weeks to a few months.
What does it cost?
Fixed-fee packages starting at $4,950 for Level 1 and $14,900 for Level 2. Book the free call and we'll scope yours exactly.