Cybersecurity & compliance · Maryland small business

CMMC readiness, run the way an engineer would run it.

Nine times out of ten, a CMMC program falls apart in the same spot: nobody owns the controls, and the evidence lives in three different inboxes. We run the gap assessments, NIST SP 800-171 work, vulnerability assessments, and GRC support that fix that — for defense contractors and their supply chain. Sentinel, our own platform, keeps it fixed after we leave the room.

At a glance

UEI
CJ7ZXTUSN3W8
CAGE
21QQ7
NAICS
541512 · Primary
Type
Small business · Maryland
Awards
$2.5K–$20K · micro-purchase / SAP
Download capability statement (PDF) ↓

Core competencies

Eight services. All of them built to survive an assessor's questions.

Consulting work, not a vendor menu — scoped and priced for micro-purchase and SAP awards.

01

CMMC readiness assessments

Level 1 and Level 2 gap analysis, scoping, and an honest score before the assessor sees it.

02

NIST SP 800-171 gap assessments

Control-by-control review across all 110 practices, SPRS scoring, and a POA&M your team actually uses.

03

Vulnerability assessments

External and internal scans with remediation ranked by what matters, not raw CVSS scores.

04

Compliance automation & monitoring

Evidence pipelines and control telemetry, so the program doesn't reset every time someone leaves.

05

Risk assessments & risk registers

Quantified risk scoring, a real register, and a treatment plan your team can run without us.

06

Executive cybersecurity reporting

Board-ready numbers — revenue at risk, not a wall of red and yellow status lights.

07

Security policy development

SSPs, policies, and SOPs written to match what your team actually does, not a template dump.

08

GRC program support

Program build-out, vendor risk, and someone who can talk to the assessor when you can't.

The Sentinel platform

What we find in the assessment shouldn't sit in a PDF for a year.

Sentinel is the software side of Vulnaguard — gap mapping, POA&M sequencing, evidence pipelines, and board-ready reporting, built API-first so it plugs into what you already run. It's how the consulting work stays current after the engagement ends, not a separate "GRC platform" bolted on top.

Join Sentinel early access 12 spots · first wave
Sentinel dashboard showing CMMC readiness, open gaps, and program status.

Contract vehicles & certifications

Registered, verifiable, ready to contract.

Built for government contractors and their supply chain — at micro-purchase pricing.

✓ Active SAM.gov
✓ Active CAGE 21QQ7
✓ Active DUNS / D&B
Planned GSA MAS
Planned SBA 8(a)
Planned CMMC L2 C3PAO

NAICS codes

541512 · Primary 541511 541519 541611 541690 541990 611420

PSC codes

D310Cyber Security D307IT Strategy R425Engineering Svcs R408Program Mgmt

Let's talk

Tell us where the program stands.

Just starting, mid-remediation, or prepping for assessment — tell us which one. We respond within one business day.

seanmurrill@vulnaguard.com Download capability statement (PDF) ↓