Both NIST 800-171 and the Capability Maturity Model Certification (CMMC) require that organizations have a documented information security policy and related standards for each of the respective domains. Up until the release of our Policy and Standards Professional Robot (ProBot), organizations were more or less "stuck" using Exostar's PolicyPro. Exostar's PolicyPro serves its purpose, but it's comparatively slow and they maintain control over your documents. We think that's kind of like holding your policies hostage. And when Exostar PolicyPro is charging $999, it seems a bit unfair to organizations that just want a policy and some standards.

Here's how our Policy and Standards ProBot differs from Exostar PolicyPro:
  • Finished vs. Incomplete:  We have employed industry best practices to automagically generate COMPLETE documents.  After you fill in the form and hit submit you are finished.  We are not generating partially complete documents; they are essentially complete.  Yes, we do encourage customers to review them to ensure they truly match how you will or do operate but the documents you receive are complete.  Exostar PolicyPro makes you create the policy whereas we do it for you.

  • Seconds vs. Days: You'll receive your information security policy and standards (depending on which plan you select below) in about 30 seconds after you hit submit.  This is because unlike Exostar PolicyPro we have actually 100% automated the process, hence why we call ours a ProBot.

  • Source Documents vs. Hostage Documents: Unlike Exostar PolicyPro, we deliver the NIST 800-171 & CMMC-compliant information security policy (including reference to the 17 domains), and 17 individual domain-specific standards (depending on which plan you purchase) in 30 seconds or so.  They come to you via email and you'll get them in Microsoft Word format so you can adjust as you see fit.  Or, if you want to re-use the online form and re-run them again over, and over, and over, and over again then you're just 30 seconds away each time from fresh copies.

  • Policy vs. Policy and Standards: Policies are the high-level laws set forth by your organization.  They are designed to change very, very infrequently and they are reviewed and approved at the organization's highest levels.  Standards on the other hand are still somewhat high-level but are the glue that connects the very low-level, detailed procedures to the high-level policy.  In the same 30 seconds we generate BOTH the policy and standards.  Exostar PolicyPro gives you a policy, that's it.

  • 2 Years vs. 1 Year: You'll have access to our ProBot for two years. This gives you the ability to make changes over the next 48 months as many times as you want.  Again, you'll get to do that for two years.  Exostar PolicyPro gives you the opportunity to use their slower service for a year, and each time you get to wait for a human to do what our ProBot does in seconds.

  • Reasonable Cost vs. Less Reasonable Cost: It's pretty simple. They charge $999 and we charge $149 if you just need the policy and $449 if you need a policy and the standards.

  • Value-Added vs. No Value-Added:  Added value only matters if the customer gets tangible benefit.  With that in mind, policies and standards are not rocket science to create, but they can be quite time-consuming if you write them yourself.  Where the real heavy lifting comes in is at the low-level procedures.  Policies set the laws for the company, standards take it a layer deeper and define how the policy statements are satisfied, but when it comes to a formal assessment, the assessor needs evidence that the organization actually does what it says. This is the devil-in-the-details part and it's where procedures enter the compliance equation.  So, in 30 seconds or less we can produce some pretty amazing documents, but procedures aren't like that.  They are unique to every customer.  In order to add real value in helping customers sort out the state of their procedures, we offer a 40-hour consulting option.  You can decide if the 40 hours are spent updating the current standards to connect them to the new policy and standards we've created, or perhaps there are gaps in your procedures and you'd like to use the 40 hours having us research and write procedures.  It's your decision and they are your 40 hours to use as you see fit.  All we require is that the 40 hours are consumed contiguously, over the course of one calendar week.

















Cyber Security Training and Consulting LLC

112 North Central Avenue

Suite M09

Phoenix, AZ 85004 



DUNS: 116921448
