RMF Assessment and Authorization - $350,000

Xylok offers a fixed price for RMF Assessments (the RMF accreditation process). As an Agent for the Security Control Assessor (ASCA), Xylok performs all the required RMF assessment technical scans, process and documentation reviews, and reporting for the SCA*. Xylok completes all these requirements in 10 weeks**. By offering a fixed price and a fixed timeline, organizations are able to budget for the accreditation process and determine the appropriate time to schedule Xylok as the ASCA. Xylok is the only ASCA to offer this service for a fixed price and timeline. (Xylok holds both General Air Force ASCA and Special Space ASCA licenses.)

The $350,000 price applies to systems that are 15 to 250 devices in size that use benchmarks included in our maintained benchmarks. Travel, if required, is at-cost. If your organization falls outside of this size or needs benchmarks outside of this list, please contact us for custom pricing with information about the benchmarks you use and the type of devices on your network.

Compliance Quick Looks

Xylok can perform Compliance Quick Looks to determine where your system stands in preparation for hiring an ASCA to perform an RMF Assessment. These Quick Looks can be accomplished in one to two weeks. Pre-accreditation testing (if Xylok is not your ASCA) allows your organization to get a start on your POA&M and increase your confidence that your conditional ATO/ATO will be granted on the first attempt.

Other Professional Services

Xylok, LLC can also bring our own people to help. Some of the other services we offer include:

  • Document Preparation for RMF:
    • System Security Plan (SSP)
    • Contingency and Business Continuity Plan (CBCP)
    • Continuity of Operation Plan (COOP)
    • Concept of Operations (CONOPS)
    • Incident Response Plan (IRP)
    • Configuration Management Plan (CMP)
    • Other policies, procedures, and/or plans as needed
    • Pre-red team/blue team testing
    • General compliance and government requirements consulting

If you have another need in the cybersecurity and compliance space, get in touch with us. We have people on our team with the expertise you need.


Xylok Scanner Licensing

The Xylok Scanner is available for an annual license price. This allows you to scan your own devices and analyze your baselines. Run scans as often as you need to continuously verify compliance settings. The Xylok Scanner easily shows you what has changed from scan to scan helping meet the RMF continuous monitoring requirement.

On-premises installs of the Xylok Scanner are priced around the number of devices you have and which benchmarks you are using. Any benchmark included in our maintained benchmarks are included in the price. Benchmarks outsides of this may be an additional cost depending on the level of effort involved. Contact us for individual benchmark pricing.

No matter what you purchase, we will be there to support you through the first scan of your systems and ensure your people know how to get the most out of the Xylok Scanner.

For more information, contact us.


* Xylok cannot guarantee you will receive an ATO--the final decision is up to the Authorizing Official (AO).
** 10 week timeline requires delivery of all RMF control-related documents (if available) at the beginning of the contract. For the current list, please contact Xylok.