CMMC (Pilot) Joint Surveillance Voluntary Assessment (JSVA)

The Joint Surveillance Voluntary Assessment Program is a pilot program for CMMC that is being executed BEFORE rulemaking finishes. A CMMC 3PAO assessment team (i.e. Ariento) is paired with a Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) assessment team to conduct a DIBCAC High assessment. Have more questions about Joint Surveillance? Read our FAQ here.

How does it work?

You must be nominated to the DIBCAC by a C3PAO via the Cyber AB. Once signed, Ariento will submit your information and the DIBCAC will contact you (the OSC) directly for scheduling if selected. If you are not selected, we will honor your discounted pricing and roll you over to the queue for a CMMC Level 2 certification assessment upon the final rule being published, ensuring you are first in line.

Once selected, a detailed assessment schedule will be provided by Ariento well in advance for you to prepare. Upon completion of the assessment, you receive the result of the DIBCAC High Assessment right away, and it will be entered into the supplier performance readiness system (SPRS). Assuming you pass the CMMC Level 2 assessment conducted by our C3PAO team, we will issue you an official CMMC Level 2 certification upon final rulemaking, and your 3-year recertification clock would then start at the time of rulemaking. Assuming the DoD follows through with its stated intent to convert JSP assessments to CMMC Level 2 certifications upon final rulemaking, you will be the first to receive CMMC certification post-rulemaking, giving you a competitive advantage when it begins to show up as a requirement for contracts.

Who is it for? 

A JSVA is potentially right for your organization if any of the following are true:

  1. Your organization has done a gap assessment and knows it is compliant with NIST 800-171 and CMMC Level 2.

  2. You have a DIBCAC assessment requirement outside of CMMC, making it potentially two assessments/certifications for the price of one.

  3. You want to be a first mover in CMMC as a competitive advantage, and have the certification immediately upon rulemaking being finalized.

  4. You have contracts with Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012 that are coming up for renewal/recompete in 2024/2025, since those contracts are likely being considered as the first CMMC contracts post rulemaking.

  5. You want to beat the expected rush to schedule an engagement with a C3PAO once rulemaking is complete. With Joint Surveillance, you can have your pick of the limited number of authorized C3PAOs in the marketplace and choose the right one on your terms without any market pressure on prices and/or capacity/availability of the highest quality C3PAOs.

How long is the engagement duration (Period of Performance)?

4-6 weeks in total, with one week of dedicated full engagement from your team being assessed.

How much does it cost?

For Joint Surveillance, we continue to discount our certification assessments due to the nature of it being a pilot program and everything that comes with that. Our average JSVA has ranged from $40,000 - $80,000 with that (deeply) discounted pricing. We are also allowing our clients to lock in their discounted price even if they don’t get selected by the DIBCAC for Joint Surveillance, and be first in line for an official CMMC Level 2 certification when the final rule is published.

Does this qualify for the discounted CMMC Early Bird program?

Yes, we are offering discounted, risk-free assessments with no-cost rollover as part of our CMMC Early Bird Assessment Program. The details are as follows:

  • Assessments are deeply discounted, up to 50%.

  • If CMMC changes between the time you conduct your Joint Surveillance (and pass) and the final initial rule being published, we will conduct any required rework or recertification activities at no additional cost to you.

  • If you are not selected by DIBCAC through no fault of your own, we will honor your discounted pricing and roll you over to the queue for a CMMC Level 2 certification assessment upon the final rule being published, ensuring you are first in line.

Cyber diligence satisfies all of the requirements, including fulfilling an industry or audit compliance requirement, learning how the IT team works, improving the IT team, and more. Cyber diligence is one way to keep up the gains while avoiding losses that result in issues like stoppages and delays, which make it extremely hard for a business to cope with market competition and client expectations. With cyber diligence, one can focus on identifying the threats and vulnerabilities that confront an organization's information assets. During the cyber diligence process, it's important to ensure that the organization being acquired has invested not only in threat prevention and identification measures (IT security and assessment), which often receive the lion's share of budgets, but also in measures to recover from security incidents and attacks.