CMMC Level 2 Compliance - Using a service like Greypike
My company is dipping their toes into government work, and we're discovering the incredible amounts of red tape that lay in our path. Currently, we plan to submit proposals for some SBIR opportunities, but we're ultimately going to need to be CMMC L2 compliant. There is a service called Greypike that can guide us to compliance, but they also offer an 'enclave' which appears to be a workspace that they host, where CUIs and other info will live. There's a monthly cost for them to maintain the workspace. My understanding is that this is a decent alternative to transforming our current internal cybersecurity infrastructure ourselves (hiring more staff, buying hardware, and creating all the policies involved).
Has anybody used a service like this before? The service is costly, but it's also costly to do it ourselves. We come from an entirely different industry, but feel we have something unique to offer for DoD work. When I look at our current cybersecurity structure and methods, and compare them to what CMMC L2 requires...it gives me a migraine. I'm struggling to justify the costs for using a service like Greypike. Any advice is highly appreciated! Thanks all!