Planning For Your CMMC2 Certification.

A common misconception is:

“We need to buy CMMC.”

In reality:

CMMC is not a product. It’s a cybersecurity program made up of people, processes, documentation, and technology.

As the MSP, Netwiz can provide most of the technology stack and implementation services.

CMMC Level 2 Technology Purchasing Checklist

1. Microsoft 365 Licensing

Recommended

  • Microsoft 365 GCC High, or
  • Microsoft 365 GCC

Which one applies depends on contract requirements.

Includes

  • Exchange Online
  • SharePoint
  • Teams
  • Entra ID
  • Purview
  • Compliance Center

Typical Cost

  • GCC: $50-$65/user/month
  • GCC High: $75-$100+/user/month

2. Multi-Factor Authentication (MFA)

Required

Examples:

  • Microsoft Authenticator
  • Duo

Purpose

Protect against:

  • Credential theft
  • Phishing
  • Account compromise

Typical Cost

  • Included with Microsoft
  • Duo: $6-$12/user/month

3. Endpoint Detection & Response (EDR)

Required

Examples:

  • Microsoft Defender for Endpoint
  • SentinelOne
  • CrowdStrike

Purpose

Detect:

  • Malware
  • Ransomware
  • Lateral movement
  • Suspicious activity

Typical Cost

$8-$15/user/month


4. SIEM Platform

Required

Examples:

  • Microsoft Sentinel
  • Splunk
  • LogRhythm

Purpose

Collect:

  • Login logs
  • Firewall logs
  • Endpoint logs
  • Microsoft 365 logs

Typical Cost

$500-$5,000+/month, depending on number of users and log volume.

Minimum log retention is 2 years.


5. Managed SOC Monitoring

Recommended

Examples:

  • Netwiz SOC Service
  • Huntress
  • Arctic Wolf

Purpose

24/7 monitoring

Typical Cost

$25-$40/user/month


6. Business-Class Firewall

Required

Examples:

  • Fortinet
  • SonicWall
  • Palo Alto
  • Cisco Meraki

Features Needed

  • VPN
  • Logging
  • IPS
  • Geo-blocking

Typical Cost

$1,500-$10,000+


7. Vulnerability Scanning Platform

Required

Examples:

  • Tenable Nessus
  • Rapid7
  • Microsoft Defender Vulnerability Management

Purpose

Find:

  • Missing patches
  • Vulnerabilities
  • Configuration issues

Typical Cost

$1,500-$10,000/year


8. Email Security

Required

Examples:

  • Microsoft Defender for Office 365 Plan 2
  • Avanan
  • Proofpoint

Protects Against

  • Phishing
  • Malware
  • BEC attacks

Typical Cost

$9-$12/user/month


9. Secure Backup Solution

Required

Examples:

  • Cove
  • Datto
  • Veeam
  • Axcient

Requirements

  • Encrypted
  • Offsite
  • Immutable

Typical Cost

$20-$35/user/month


10. Encryption

Required

Examples:

  • BitLocker
  • BitLocker To Go

Purpose

Encrypt:

  • Laptops
  • Desktops
  • Portable drives

11. Device Management Platform

Required

Examples:

  • Microsoft Intune

Purpose

Manage:

  • Devices
  • Security policies
  • Compliance

Typical Cost

Included in many Microsoft licenses


12. DNS Security

Recommended

Examples:

  • Cisco Umbrella
  • DNSFilter

Purpose

Block:

  • Malicious websites
  • Command & Control traffic

Typical Cost

$6-$10/user/month


13. Security Awareness Training

Required

Examples:

  • KnowBe4
  • Huntress SAT
  • Microsoft Attack Simulation

Purpose

Train employees

Typical Cost

$5-$15/user/month


14. Password Manager

Recommended

Examples:

  • Keeper
  • Bitwarden
  • 1Password

Purpose

Secure password storage

Typical Cost

$3-$8/user/month


15. Secure Remote Access

Required

Examples:

  • VPN
  • Entra Conditional Access
  • Zero Trust Access

Purpose

Secure remote work


16. Log Retention Storage

Required

Needed for:

  • SIEM
  • Audit logs
  • Compliance evidence

Typical Cost

Varies by volume


17. Asset Management System

Required

Track:

  • Computers
  • Servers
  • Firewalls
  • Mobile devices

Examples:

  • Intune
  • RMM
  • ConnectWise

18. Policy & Compliance Platform

Recommended

Examples:

  • Compliance Manager GRC
  • FutureFeed
  • Kintent
  • Drata
  • Sprinto

Purpose

Manage:

  • SSP
  • POA&M
  • Policies
  • Evidence

Typical Cost

$7,000-$25,000/year


19. Incident Response Retainer

Recommended

Purpose

Professional assistance during:

  • Ransomware
  • Data breaches
  • Security incidents

Typical Cost

$4,000-$15,000/year


20. Virtual CISO (vCISO)

Highly Recommended

Purpose

Provide:

  • Governance
  • Compliance oversight
  • Risk management

Typical Cost

$1,000-$5,000+/month


Documentation the Client Must Purchase or Create

These are usually professional services provided by Netwiz.

System Security Plan (SSP)

Required

Typical Value:
$7,000-$10,000


POA&M

Required

Typical Value:
$3,000-$5,000


Security Policies

Required

Typical Value:
$7,000-$10,000


Risk Assessment

Required

Typical Value:
$5,000-$8,000


Incident Response Plan

Required

Typical Value:
$3,500-$8,000


Security Awareness Program

Required

Typical Value:
$3,000-$6,000


Get Started Now

Discover how your network can become faster, more reliable, and more secure. Fill out the following form, and we will provide you:

  • Custom management plan
  • Implementation timelines
  • Cost estimates
  • Answers to your questions

For Immediate Assistance, Call: (714) 809-9170
