Cyber Risk Doesn't Wait. Neither Should You.

WHAT'S YOUR
RISK
SCORE?

Every business carries cyber risk. Most don't know their exposure until it's too late. We score your security posture, identify real gaps, and give you a clear path forward — whether you're chasing compliance or just protecting what you've built.

Get Your Free Score → See How It Works
Live Risk Score Preview
0/100
Access Control
Partial
Identification
Gap
Media Protection
Gap
Config Mgmt
OK
Incident Response
Partial
SPRS Score Estimate · Sample Output
0
of SMBs Close Within 6 Months of a Cyber Incident
0
Average Cost of a Data Breach in 2024
0
ROI — Assessment Cost vs. Breach Cost Avoided
0
Cost for Pilot Program Participants

Cybersecurity Risk Assessment

YOUR SCORE IS
YOUR SHIELD.

Healthcare, defense, energy, finance, or tech — every organization faces cyber risk. We give you a scored, prioritized assessment that tells you exactly where you stand and exactly what to fix first. No jargon. No disappearing act after the report.

🎯
RISK SCORE CALCULATION

Your risk score is your baseline — the starting point for every decision about your security posture. For DoD contractors we calculate and submit your SPRS score. For all other clients we score against NIST CSF, HIPAA, PCI-DSS, or SOC 2 as applicable.

All Industries
🔍
GAP IDENTIFICATION

Every deficiency documented, severity-rated, and mapped to a clear remediation priority. Whether you operate under CMMC, HIPAA, GLBA, PCI-DSS, or SOC 2 — we identify exactly what's exposed and what it takes to close it.

Framework Agnostic
🗺️
REMEDIATION ROADMAP

A prioritized, sequenced plan that closes your gaps in the right order — quick wins first, then structural fixes. Built for lean teams without a full IT department or in-house CISO.

Actionable
📊
WHAT YOUR READINESS REPORT LOOKS LIKE

Real domain scores. Specific gaps. A prioritized fix list. Your SPRS score. And a clear-language executive summary you can hand to a prime contractor or contracting officer. Yours free — no strings.

Free Assessment
Access Control
55%
Audit & Accountability
30%
Config Management
80%
Incident Response
20%
System Protection
65%

Who We Serve

✈️Defense & Aerospace 🏥Healthcare & Clinics 🏦Financial Institutions Energy & Oil/Gas 💻Technology & SaaS 🏭Manufacturing 🚚Logistics & Freight ⚖️Legal & Accounting

Services

WHAT WE DELIVER

View All Services →
📋
CYBERSECURITY RISK ASSESSMENT
Know your score. Know your exposure.

A comprehensive scored review of your cybersecurity posture against the framework that applies to your industry — CMMC, NIST CSF, HIPAA, PCI-DSS, or SOC 2. The starting point for every engagement — and free for qualified companies.

FREE for qualified clients
START HERE →
 🛡️
CMMC COMPLIANCE
Level 1 & Level 2 Readiness

Full-stack CMMC compliance from gap assessment through remediation, documentation, and C3PAO prep. We stay until you're actually compliant — not just assessed.

$8.5K starting at
SEE PRICING →
 🔐
ZERO TRUST ADVISORY
Coming Soon

Full Zero Trust architecture advisory — identity, access, segmentation, and monitoring. CMMC compliance and Zero Trust aren't separate goals. They're the same goal.

TBD coming soon
NOTIFY ME →

CMMC Levels

🥉
CMMC LEVEL 1
17 Controls · Self-Attestation · From $8.5K
🥈
CMMC LEVEL 2
110 Controls · C3PAO Prep · From $32K
🥇
FULL STACK
L1 + L2 + Advisory · From $55K

How It Works

FROM SCORE TO
PROTECTED.

A clear, fixed process from first call to remediated and documented. Whether your goal is CMMC compliance, HIPAA readiness, or simply knowing your real exposure — the process is the same. No surprises. No scope creep. No disappearing after the report.

01
Discovery Call

20 minutes. We learn your industry, environment, compliance obligations, and risk priorities. No jargon, no pressure.

02
Cybersecurity Risk Assessment

We score your posture against the applicable framework — CMMC, NIST CSF, HIPAA, PCI-DSS, or SOC 2. Free for qualified clients.

03
Gap Analysis

Every gap documented with severity rating and remediation recommendation. You get the full picture.

04
Remediation

We close the gaps with you — configuring systems, writing policies, validating each control is actually met.

05
Protected

Documentation complete. Gaps closed. Whether that means CMMC self-attestation, HIPAA compliance, or a clean risk posture for your cyber insurer — done right.

Limited Availability

PILOT
PROGRAM.

Cercis Cyber is new. We have deep CMMC expertise and real cybersecurity experience — but we're being transparent: we're building our case study portfolio. So here's the deal.

  • Complete CMMC Level 1 Gap Assessment — $3,500 Free
  • Remediation Guidance (17 controls) — $5,000 Free
  • Self-Attestation Documentation — $1,500 Free
  • 30-Day Post-Engagement Support — $2,000 Free
  • Total Value: $12,000 — at no cost to you

What We Ask in Return

  • ✍️ A written testimonial on completion — what you experienced, what changed for your business.
  • 🤝 One warm introduction to another small DoD contractor or subcontractor in your network.
  • 📞 A 15-minute reference call if a future prospect asks to speak with a past client — at your discretion.

1 of 4 spots taken — 3 remaining

Apply for Pilot Program →

Who We Are

BUILT BY OPERATORS.
NOT CONSULTANTS.

Cercis Cyber was founded in Oklahoma City by two practitioners who spent years inside the problem before deciding to solve it. We are not a staffing firm with a compliance checklist. We are not a coast-based consultancy flying in to bill hours. We are operators — with direct experience across DoD cybersecurity frameworks, federal compliance implementation, and enterprise risk management — who built this firm specifically for the organizations that big firms ignore. Small defense subcontractors. Regional healthcare systems. Mid-market businesses with real exposure and no roadmap. That is our market. That is our mission.

Founder & Managing Operator
STRATEGY & CLIENT OPERATIONS

Leads client engagement, business development, and compliance strategy. Background spans federal contracting, cybersecurity advisory, and organizational risk management. Brings a practitioner's understanding of how small businesses actually operate — and what it takes to get them compliant without disrupting the business that pays the bills.

CMMC Advisory Federal Contracting Risk Strategy Client Operations
Co-Founder & Chief Technology Officer
TECHNICAL ARCHITECTURE & ASSESSMENT

Leads all technical assessments, system architecture reviews, and remediation execution. Deep background in cybersecurity engineering, network infrastructure, and DoD-aligned security frameworks. Responsible for the technical integrity of every engagement — from initial gap analysis through final documentation and audit preparation.

NIST 800-171 Zero Trust Architecture Security Engineering C3PAO Prep
HOW WE OPERATE
🎯Fixed-fee engagements — no surprise invoices
📍Oklahoma City based — we live and work here
🔒Two dedicated operators on every engagement
⚖️Minority-Owned — SDB certified advantages
📋We stay through remediation — not just assessment
🛡️DoD-grade standards applied to every client

Ready to talk about your security posture? No jargon, no pressure.

Book a Free 20-Minute Call →

Transparent Pricing

PROTECT FAR MORE
THAN YOU SPEND.

Fixed-fee engagements. No hourly billing. No change orders. No surprise invoices. Oklahoma-market pricing built for small teams without big-firm overhead.

Level 01
BRONZE
CMMC Level 1 · 17 Controls
$8.5K
Starting at · 4–6 weeks · 2 operators
  • Full Level 1 gap assessment
  • All 17 FAR 52.204-21 controls
  • Remediation support & guidance
  • Self-attestation documentation
  • 30-day post-engagement support
Get Started →
Level 02 · Most Popular
SILVER
CMMC Level 2 · 110 Controls
$32K
Starting at · 10–14 weeks · 2 operators
  • Full NIST 800-171 assessment
  • All 110 practices across 14 domains
  • System Security Plan (SSP)
  • POA&M development & tracking
  • C3PAO audit preparation
  • 60-day post-engagement support
Get Started →
Full Stack
GOLD
L1 + L2 + Ongoing Advisory
$55K
Starting at · 16–20 weeks · 2 operators
  • Everything in Silver
  • Technology stack recommendations
  • Vendor selection guidance
  • 90-day ongoing advisory retainer
  • Priority response SLA
  • Zero Trust Advisory (Coming Soon)
Get Started →

ALL ENGAGEMENTS BEGIN WITH A FREE ASSESSMENT · STARTING-AT PRICING — FINAL COST CONFIRMED AFTER SCOPING · NO HOURLY BILLING · NO SURPRISES

Risk Assessment services are delivered in partnership with OneTier — a post-quantum enterprise security platform. Cercis Cyber captures and qualifies clients; OneTier performs the full technical assessment. Pricing displayed as published by OneTier.
via OneTier
ASSESS
RISK ENGAGEMENT
Comprehensive Risk Assessment & Threat Modeling
$15K
From $15,000 / yr · OneTier published rate
  • Complete Risk Assessment Report
  • Attack surface mapping
  • Quantum vulnerability scan
  • Executive summary presentation
  • Custom remediation roadmap
  • *Custom pricing for extended scope
Start Assessment →
via OneTier
ENCRYPT · Most Popular
SHROUD
Advanced Post-Quantum Encryption Solutions
$25K
From $25,000 / yr · OneTier published rate
  • Post-quantum key encapsulation
  • Data-in-transit encryption
  • Data-at-rest protection
  • Secure access policies
  • Zero-downtime deployment
  • *Custom pricing for scaled deployments
Request Demo →
via OneTier
COMMAND
COMMAND CENTER
Unified Single Pane of Glass Security
$50K
From $50,000 / yr · OneTier published rate
  • Unified security dashboard
  • 1 integrated module included
  • Real-time threat aggregation
  • Cross-vendor policy enforcement
  • Executive reporting engine
  • *Custom pricing for additional modules
Contact Us →

RISK ASSESSMENT SERVICES DELIVERED VIA ONETIER PARTNERSHIP · CERCIS CYBER MANAGES YOUR ENGAGEMENT FROM START TO FINISH · CONTACT US TO SCOPE YOUR ASSESSMENT

Why Cercis

BUILT FOR THE
UNDERSERVED.

No CISO. No IT team. 5–50 employees. You're exactly who the big firms ignore. You're exactly who we built this for.

🎯
PRE-AUDIT SPECIALISTS

We prepare you so you pass the C3PAO audit on the first try. Our competitors assess. We remediate, document, and stay through completion.

📍
OKLAHOMA ROOTED

We live here. Our competitors fly in from Texas or consult from a coast. We know the Tinker AFB corridor, DLA subcontractors, and OKC defense ecosystem personally.

⚖️
MINORITY-OWNED ADVANTAGE

As a Minority-Owned firm, we qualify for SDB status — and prime contractors seeking diversity spend actively seek partners like us. That's an advantage for you too.

💰
13:1 RETURN ON INVESTMENT

Our starting-at $8,500 Level 1 engagement protects contracts worth multiples more. Lose the contract, lose far more than what compliance costs.

🔒
FIXED FEES. NO SURPRISES.

No hourly billing. No change orders. No scope creep invoices. You know your total cost before we start — and it doesn't change.

🛡️
DOD-GRADE STANDARDS

We partner with and utilize DoD-grade systems and platforms. The same standards we hold our clients to, we hold ourselves to. That's not a marketing line — it's how we operate.

YOUR RISK IS
REAL.

Defense contractors facing CMMC deadlines. Healthcare organizations under HIPAA scrutiny. Financial firms managing vendor risk. Every business has exposure. The ones who know their score act faster, spend less, and stay protected.

Book Free Assessment → Apply for Pilot Program

Oklahoma City Based · Minority-Owned · Fixed-Fee · No Obligation · All Industries Welcome