For over 30 years, Monarch’s experts have prepared audits and assessments for financial institutions and healthcare organizations. We bring this same level of experience and cybersecurity mastery to the defense industry.

A feature of our longstanding client relationships is our ability to break down complex challenges into clear, straightforward strategies. You’ll understand precisely what is required to meet each objective. And, you’ll be better prepared to respond to your assessor’s queries and ensure your documentation is ready.

Monarch has developed a custom application, Security Catapult, to accelerate your preparedness. Security Catapult will:

  • Guide you through assessment questions and help you understand your organization’s requirements.
  • Immediately show your SPRS (Supplier Performance Risk System) score.
  • Track all required tasks and prioritize your remediation steps.

Certification Assessment vs. Readiness Assessment

A Certification Assessment is the official CMMC investigation and certification that all DoD contractors and subcontractors must successfully undergo in order to be eligible to work on government contracts. A CMMC assessment must be completed by a CMMC-AB-certified assessor organization, such as Monarch.

By contrast, a CMMC Readiness Assessment (sometimes called a Gap Assessment) is not an official DoD test. Nevertheless, it is an extremely important part of your certification process.

The Readiness Assessment:

(1) Allows you to accurately see how your infrastructure aligns with CMMC requirements at a reasonable price point.

(2) Identifies any weaknesses in your cybersecurity methodology so that you can correct them prior to undergoing your Certification Assessment.

(3) Gives you the opportunity to adjust the level of your security systems to match that of your anticipated contract requirements.

(4) Ensures that assessors and your organization are on the same page as you seek certification.

(5) Through Q&A with the lead assessor, provides an educational opportunity for your team to grasp the full dimension of the Certification Assessment, along with what will be required of your organization to ultimately become certified.

CMMC Assessments are not to be taken lightly – the DoD will not offer contracts to any companies who fail to achieve certification, no exceptions. A CMMC Assessment is essential for any business desiring to work with the DoD.

It should be no surprise that we vigorously recommend conducting a Monarch Readiness Assessment prior to your formal certification assessment. We feel so strongly about this, in fact, that we provide a discount on the certification cost if your conduct a readiness assessment with us.

Talk to us today to learn more.

Data Breach: Anatomy of One Company’s Response
If the trend continues, 2023 will become another year of over 1,000 publicly reported data breaches. According to the IT Governance Blog (, this translates to over five billion compromised data records. The breaches number will undoubtedly continue in number and severity – reaffirming that cybersecurity is a pressing priority for business. Learn More >

Monarch is the Northeast’s only Certified Third Party Assessment Organization (C3PAO)