Bastion
Services

Insurance on an irreplaceable assessment slot.

With ~83 assessors for 80,000+ contractors, failing once means re-queuing behind everyone who panicked later than you. Every engagement below exists to make the first attempt the only one.

Assessment-Readiness Sprint

$25K–$75K

6–10 weeks, one-time

Gap analysis, remediation roadmap, and an assessor-grade evidence package: SSP written for your environment (not restated control language), evidence mapped to all 110 controls, POA&M lifecycle modeled the way CMMC actually requires.

  • Gap assessment against NIST 800-171 / CMMC L2
  • Assessor-grade System Security Plan
  • Control-mapped evidence package
  • POA&M with deferrable vs. must-be-MET modeling
  • Remediation roadmap with owner and dates per item

Mock Assessment

$15K–$30K

before your real slot

A dry run against actual C3PAO methodology — so the first time your evidence meets an assessor, it isn't the one that counts. Findings ranked by pass-risk with a fix window built in.

  • Full walkthrough using C3PAO assessment methodology
  • Every non-deferrable control pressure-tested
  • Findings ranked by pass-risk
  • Fix window and re-check before assessment day

Continuous Assurance

$3K–$8K/mo

three-year certification lifecycle

Certification is a snapshot; your environment isn't. Drift monitoring, evidence upkeep, and audit support so the posture you certified is the posture you keep.

  • Configuration and control drift monitoring
  • Evidence freshness maintenance
  • POA&M closeout management
  • Audit and re-assessment support
Our evidence pipeline is AI-native and runs on private infrastructure — CUI-adjacent material never transits a commercial cloud, which, per DFARS, it shouldn't.

Frameworks we prepare you for

CMMCLevel 2 & 3
NIST SP 800-171110 controls
DFARS252.204-7012
ITAR22 CFR 120–130
CJISSecurity Policy
NERC CIP002–015
Flagship

Sovereign AI Infrastructure

$200K–$2M+scoped per engagement

On-premises LLM deployment inside the boundary you just certified. You procure the hardware directly through your own capex or channel financing; we architect, integrate, harden, and operate. You end up owning the infrastructure, the model weights, and the deployment — not renting access someone else can revoke.

How delivery works
  • Compliance & ATO integration (CMMC L2/L3, ITAR, CJIS, NERC CIP)
  • Model selection and dual-track deployment plan
  • Cluster architecture — hardware on your balance sheet, not ours
  • RAG and tooling built for your actual workflows
  • Acceptance testing before sign-off
  • Managed operations from $15K/mo, tiered by compliance level

Environments we build in

Microsoft GCC HighAzure GovernmentAWS GovCloudGoogle WorkspacePreVeilOktaCrowdStrikePalo AltoCiscoFortinetNVIDIADellHPEvLLMLlamaMistral

Not just Microsoft. Your boundary runs what it runs — we build inside it, whatever it is. Fully custom environments included.

Every engagement starts with a scoping call.

There is no published rate card — the ranges above reflect real engagements, and your compliance tier changes the work.

Request a Discovery Call