# Totem Technologies, LLC
*Also known as Totem*

- Website: https://www.totem.tech
- Location: West Haven, Utah, United States
- Agent profile: https://directory.haycion.ai/agents/totem-tech

> Totem Technologies helps defense contractors and their suppliers achieve DoD cybersecurity compliance through training, consulting, and governance.

Totem Technologies, LLC is a veteran-owned, minority-owned cybersecurity company focused on helping defense contractors and their external service providers achieve cybersecurity compliance with DoD standards (including DFARS, NIST 800-171, and CMMC). The organization provides strategic advisory, gap assessments, policy development, training, and ongoing support to build capable, compliant security programs. Its approach emphasizes education for small businesses, practical guidance, and affordable, high-value cybersecurity tools to improve protective measures across the DoD supply chain. Totem serves clients across the United States, with capabilities in cybersecurity governance, risk management, incident response planning, secure system-level controls, and continuous monitoring readiness. The company's mission centers on enabling smaller organizations to understand requirements, assess their current posture, create actionable plans, and implement effective controls that reduce risk. By combining expert consulting, training, and practical planning, Totem aims to help organizations of varying sizes achieve compliance efficiently, while aligning with DoD cybersecurity best practices and the needs of contractors, educational institutions, healthcare providers, local and federal government entities, and critical infrastructure.

**Mission:** Most cyber-attacks target small businesses, which inspired our mission of educating small businesses and placing affordable high-value cybersecurity tools in their hands.

## Products & Services

### [Totem CMMC Compliance Software](https://www.totem.tech/cybersecurity-compliance-software/)
*Product*
Achieve and manage compliance with DFARS, NIST 800-171, and CMMC effortlessly.

- **Compliance Documentation Management** — Centralize Compliance Artifacts
- **Upfront NIST 800-171 Implementation** — Streamlines Compliance Process
- **Artifact Generation Guidance** — Streamline Compliance Documentation Creation
- **Multi-Standard Compliance Coverage** — Ensure Broad Compliance
- **Interactive Compliance Monitoring** — Real-Time Compliance Tracking
- **Customizable Compliance Templates** — Streamline Documentation Processes

### [HRDN-IT Single PC CMMC Enclave](https://www.totem.tech/cmmc-pc/)
*Product*
Affordable on-premise CUI enclave solution for compliance.

- **Cost Effective With No Ongoing Services** — Reduces Long-Term Costs
- **On-Premise CUI Enclave** — Enables Secure Data Handling
- **Customizable Build Options** — Tailors Solutions to Business Needs
- **Minimal User Count Requirement** — Supports Small and Micro-Businesses

### [Totem Interactive Roadmap to CMMC Compliance](https://www.totem.tech/roadmap-to-cmmc-compliance/)
*Product*
Visualize your path to CMMC Level 2 compliance with Totem's interactive roadmap.

- **Milestones to CMMC Level 2** — Navigate Compliance Steps
- **Integrated Services and Tools** — Utilize Comprehensive Support
- **Downloadable Slideshow** — Access Interactive Resources

### [CMMC Readiness Training](https://www.totem.tech/workshop/)
*Service*
Empower your organization with essential CMMC and NIST compliance training.

- **Level Options** — Choose Your Training Level
- **NIST and CMMC Readiness** — Understand Compliance Requirements
- **SSP/POA&M/IRP Artifact Guidance** — Develop Compliance Artifacts
- **Ongoing Support and Q&A** — Access Continuous Support
- **Hands-On Tools Access** — Utilize Compliance Management Tools

### [NIST 800-171 / CMMC Gap Assessment and Policy Development](https://www.totem.tech/security-controls-assessment/)
*Service*
Achieve compliance with NIST 800-171 and CMMC through thorough assessments and policy development.

- **Comprehensive Gap Assessment** — Assess Your Compliance Gaps
- **Deliverables** — Receive Essential Documentation
- **Expert Guidance** — Utilize Professional Expertise
- **Policy Development** — Create Tailored Policies

### [Facility-Related Control Systems (FRCS) Cybersecurity Services](https://www.totem.tech/facility-related-control-systems-frcs-cybersecurity-services/)
*Service*
FRCS cybersecurity services enabling DoD compliance with UFGS standards.

- **UFGS Alignment** — Meets Critical Standards
- **FRCS Planning and Implementation** — Facilitates Compliance
- **Asset Inventory and RMF Packaging** — Enhances System Security
- **Vulnerability and Security STIG Scans** — Identifies Security Gaps
- **Continuous Monitoring Plan** — Supports Proactive Security

### [Vulnerability Scanning](https://www.totem.tech/vulnerability-scanning/)
*Service*
Automated scanning identifies and mitigates potential cybersecurity vulnerabilities in your systems.

- **Automated Vulnerability Management** — Identifies Weaknesses Automatically
- **Risk-Based Reporting** — Focuses on Critical Vulnerabilities
- **Expert Analysis** — Provides Expert Insights

### [ICS / SCADA Services](https://www.totem.tech/ics-scada-services/)
*Service*
Enhance cybersecurity for your ICS and SCADA networks with comprehensive assessments and hygiene improvements.

- **OT/ICS/SCADA Cybersecurity** — Implement Robust Cybersecurity Measures
- **Asset Inventories and Hygiene** — Ensure Complete Asset Management
- **SCADA Risk Management** — Mitigate Operational Risks

### [Cybersecurity Trainings](https://www.totem.tech/cybersecurity-training-for-business/)
*Service*
Affordable training tailored for small businesses to navigate cybersecurity compliance.

- **Awareness and Admin Training** — Enhance Employee Awareness
- **Workshops for DoD Contractors** — Comprehensive Compliance Knowledge
- **Phishing Simulations** — Conduct Realistic Simulations
- **Online and On Site Delivery** — Flexible Training Formats
- **Customizable Training Materials** — Personalize Training Content

## Market Segments

- **CMMC and NIST 800-171 compliance management**: Capabilities to assess gaps, generate required artifacts (SSP, POA&M, IRP), track remediation, and maintain DFARS/NIST/CMMC compliance for DoD contractors and suppliers.
- **Security training and workforce readiness**: Training and awareness programs that build workforce capability to meet compliance requirements and reduce human-driven risk, including phishing simulations, admin training, and hands-on compliance workshops.
- **OT and ICS/SCADA security**: Specialized cybersecurity services for operational technology, industrial control, and facility-related control systems to inventory assets, harden devices, manage STIGs, and reduce risk to process environments.
- **Vulnerability assessment and continuous monitoring**: Continuous vulnerability scanning, risk-based reporting, expert triage, and continuous monitoring plans to identify, prioritize, and track remediation of technical weaknesses.
- **On-premises CUI enclave deployment**: Design and deployment of affordable on-premises Controlled Unclassified Information (CUI) enclaves and turnkey technical implementations to meet NIST 800-171 and CMMC Level 2 requirements for small contractors.

## Ideal Customer Profiles

### Small DoD Contractors And External Service Providers
Small defense contractors and external service providers seeking DoD compliance.
- Industry: Defense, Government Contractors, DoD Supply Chain
- Geography: United States
- Pain points: Difficulty achieving and maintaining DoD compliance; scattered artifacts; lack of affordable training
- Business goals: Achieve CMMC Level 2 readiness; reduce security risk; develop compliant documentation; lower cost of compliance
- Positioning: A practical path to DoD cybersecurity compliance and documentation for small contractors.

#### Persona: Compliance Manager
- Needs: Clear guidance, templates, artifact generation, audit readiness
- Goals: Achieve CMMC Level 2, prepare SSP/POA&M, pass audits
- Challenges: Tight budgets, limited internal security resources
- Pain points: Manual, error-prone documentation; scattered artifacts
- Solution: Using Totem CMMC Compliance Software and readiness training to automate artifact generation, track progress, and simplify audits.

#### Persona: IT Administrator
- Needs: Automation, templates, quick updates
- Goals: Ensure systems stay compliant with minimal downtime
- Challenges: Limited time; juggling multiple tools
- Pain points: Manual data entry; inconsistent configurations
- Solution: Totem CMMC Compliance Software provides centralized artifact management, automated workflows, and continuous monitoring; CMMC Readiness Training keeps staff up to date.

#### Persona: Program Manager
- Needs: Clear path to compliance milestones, budget alignment
- Goals: Secure bids, demonstrate compliant supply chain
- Challenges: Communicating requirements to diverse teams
- Pain points: Unclear ROI, complex milestones
- Solution: Roadmap to CMMC Compliance and Gap Assessments guide milestone planning and client conversations.

### Critical Infrastructure OT And ICS Operators
OT and ICS operators securing critical infrastructure and DoD alignment.
- Industry: Industrial Control Systems, Utilities, Manufacturing
- Geography: United States
- Pain points: Device inventory and continuous monitoring for OT/ICS; compliance with UFGS and STIGs; risk management
- Business goals: Improve cyber hygiene; achieve RMF packaging; maintain compliance; ensure safety and reliability
- Positioning: Provides a roadmap and tooling for OT/ICS environments to meet DoD requirements while maintaining operational reliability.

#### Persona: OT Security Manager
- Needs: Asset inventory, STIG compliance, incident response guidance
- Goals: Reduce ICS risk, maintain uptime
- Challenges: Legacy systems, safety constraints
- Pain points: Fragmented tooling, downtime risk
- Solution: FRCS planning, asset inventory, vulnerability scans, and STIG checks with Totem tools.

#### Persona: SCADA Engineer
- Needs: Vulnerability data mapped to OT environment, actionable guidance
- Goals: Secure SCADA with minimal disruption
- Challenges: Downtime, compatibility with legacy systems
- Pain points: False positives, lack of targeted guidance
- Solution: FRCS and vulnerability scans with RMF packaging and actionable remediation guidance.

#### Persona: Compliance Lead
- Needs: Documentation, RMF packaging, STIG alignment
- Goals: Achieve DoD alignment across OT/ICS
- Challenges: Resource constraints
- Pain points: Arduous artifact generation and tracking
- Solution: FRCS planning and Totem CMMC Software for artifact management and monitoring.

### Educational Institutions And Healthcare Providers In The DoD Supply Chain
Education and healthcare organizations in the DoD supply chain seeking compliance readiness.
- Industry: Education, Healthcare, Government Contractors
- Geography: United States
- Pain points: Regulatory compliance, data protection for CUI, limited cybersecurity staff
- Business goals: Pass compliance audits, protect student/patient data
- Positioning: Supports education and healthcare entities in the DoD supply chain with practical training, documentation, and artifact management.

#### Persona: IT Director
- Needs: Policy guidance, artifact templates
- Goals: Maintain compliance, protect data
- Challenges: Budget constraints, limited security staff
- Pain points: Documentation backlog, policy alignment challenges
- Solution: CMMC Readiness Training and Totem CMMC Software for templates and artifact management.

#### Persona: Compliance Officer
- Needs: Audit-ready documentation
- Goals: Achieve DoD/NIST compliance
- Challenges: Regulatory complexity
- Pain points: Maintaining up-to-date documentation
- Solution: Artifact management and gap assessment with Totem tools; policy development support.

#### Persona: Training Coordinator
- Needs: Scalable training resources
- Goals: Educate staff, track training records
- Challenges: Coordinating across departments
- Pain points: High training costs, inconsistent materials
- Solution: CMMC Readiness Training and Cybersecurity Trainings with scalable content.

### Managed Service Providers Serving DoD Contractors
MSPs serving defense contractors needing scalable compliance tooling and training.
- Industry: IT Services, Cybersecurity, Managed Services
- Geography: United States
- Pain points: Scalability of compliance across multiple clients; managing artifacts; keeping up with DoD changes
- Business goals: Offer compliant services, reduce client audit time, standardize processes
- Positioning: Enables MSPs to standardize DoD compliance offerings with scalable tooling and training across multiple clients.

#### Persona: MSP Account Manager
- Needs: Scalable onboarding, consistent artifacts
- Goals: Deliver compliant services to clients
- Challenges: Managing multiple client states
- Pain points: Fragmented processes
- Solution: Totem CMMC Software and Roadmap tooling for standardized service delivery.

#### Persona: Technical Lead
- Needs: Artifact templates; RMF packaging
- Goals: Provide secure services across clients
- Challenges: Integration complexity
- Pain points: Inconsistent toolchains
- Solution: FRCS/Vulnerability Scanning integrated with Totem for multi-client deployments.

#### Persona: Compliance Coordinator
- Needs: Audit-ready documents for multiple clients
- Goals: Maintain updated SSP/POA&M across clients
- Challenges: Version control across multiple environments
- Pain points: Manual updating
- Solution: CMMC Software for artifact management and monitoring across clients.
