
The Journey to Compliance with Simple Helix
By 2026, all Government Contractors working within the Defense Industrial Base (DIB) must meet the Cybersecurity Maturity Model Certification (CMMC) standard. To assist on your compliance journey, Simple Helix is your Managed Services Provider or MSP. This means once you have policies in place, Simple Helix will implement and configure the tools needed to mitigate any security gaps. After gaining compliance, we’ll become your ongoing support provider to ensure your environment remains configured to your specifications.

Prepping for CMMC through the fulfillment of NIST 800-171
Uncertainties regarding CMMC compliance have caused the DIB to return its focus to NIST 800-171. In light of this, Simple Helix will implement and configure the tools needed to meet NIST controls. Once CMMC inevitably returns to the forefront, you will have obtained many of the tools needed to win compliance.
Parties Involved in CMMC
There are 4 different types of entities you will meet while on your journey to CMMC Compliance:
Gap Assessors evaluate your current security posture in comparison to a compliance standard’s requirements. Through a gap assessment, the assessor reports where your business must improve to meet the necessary controls. The assessor will also aid you in creating your System Security Plan (SSP) and Plan of Action & Milestones (POA&M).
You can think of the Gap Assessor as a doctor. Let’s imagine you are an Olympic track athlete and you start experiencing pain around your foot. After the doctor investigates the area, he concludes that you have sprained your ankle. The doctor directs you to wear a boot, do physical therapy exercises, and take some medication that will help you in the healing process and get you back in the competition.
MSPs, like Simple Helix, put into effect the tools needed to execute and operate your SSP. They also serve as ongoing support providers to ensure the implemented tools continue to meet your needs. Part of this includes ensuring the security features of these tools, such as a firewall or O365 licenses, remain functional and updated.
Going along with our medical analogy in the Gap Assessor section above, we can think of the Managed Services Provider as your physical therapist. You could have done the exercises on your own, but you’re an Olympic athlete and you can’t miss competition. You turn to the therapist thinking you’ll be better off under the care of an expert. The physical therapist recommends the best exercises (likewise, an MSP recommends tools) to promote the healing process. They even provide you with a boot to protect and stabilize your ankle (likewise, an MSP implements tools). Once you are healed, the physical therapist will be there as ongoing support to ensure your ankle continues functioning in the appropriate manner.
Where an MSP deals in implementation, support, and maintaining security within solutions and tools, a Managed Security Services Provider (MSSP) deals in security response. An MSSP focuses on forensic analysis, incident response, pen testing, and other security response activities. In the event of a breach, your MSSP will meet compliance by taking action against cyber crime and investigating why it happened.
Continuing the medical analogy from the sections above, you can equate your MSSP to an at-home healthcare provider. Because you are an Olympic athlete, some people want to see you fail. The MSSP ensures the boot, medication, and other resources you have been given are not tampered with.
C3PAOs evaluate and certify your business to the appropriate CMMC level. The C3PAO has the power to award or deny certification.
Like the Gap Assessor, the C3PAO can be equated to a doctor as well. However, this is the doctor who will clear you to continue competing in the Olympic games. This doctor gives you a check-up after you have had time to follow the advice of the first doctor. This final assessment will either dictate that you must continue the healing process or clear you to return to the Olympics.
Services for Compliance
The following Simple Helix services assist in meeting many of the controls required by the CMMC compliance standard:
Simple Helix’s Managed Services provide planning, design implementation, management, and ongoing support for the following solutions. You can learn more about these solutions at the Managed Services SIMPLIFIED web page.
- Managed Workstation
- Managed Server
- Managed Firewall
- Managed Network Device
- Office 365 Backups
- Endpoint Backups
- Multi-Factor Authentication (MFA)
- Security Awareness Training (SAT)
- Data Encryption
- PreVeil
Maintaining network and data health is imperative to winning compliance. Under the NOC+ package, Simple Helix customers achieve a first line of defense against infrastructure and data disruptions.
- NOC+
  - Network & Facility Monitoring and Management
  - SIEM Hosting, Implementation, & Normalization
We also offer colocation services that allow a company to house their data in our secure, redundant data center facility. This meets many of the controls surrounding physical security within the CMMC standard.
- Colocation
Learn more about these offerings at the Data Center SIMPLIFIED web page.
Office 365 Government plans are designed for the unique needs of government organizations. They provide all the features and capabilities of Office 365 services in a segmented government cloud community that enables organizations to meet U.S. compliance and security standards. Simple Helix will perform the configurations necessary to meet CMMC Levels 1 or 3 depending on your business needs.
- Microsoft Office (GCC)
  - Simple Helix is a Microsoft Cloud Solution Provider (“CSP”) and resells Microsoft Office 365 licensing in the Government Community Cloud (“GCC”) environment. Simple Helix provides billing, subscription management and technical support for its Microsoft Office GCC customers.
- Microsoft Office (GCC High)
  - Simple Helix is a value-added reseller of Microsoft GCC High licensing through the AOS-G program. Simple Helix provides billing and technical support for its Microsoft Office GCC High customers. Simple Helix does not provide subscription management. GCC High licenses are resold through an agreement with Carahsoft.