It is very difficult to put a monetary value to the reduction of risk by implementing the NIST 800-171 assessment tools. I know that we have reduced our cyber threat risk significantly with the WMEP process. Meeting the standard and assessment is a big undertaking for small/midsize companies and a more “entry level” process may be better received and implemented if offered. It is a very useful process and I feel fortunate to have utilized WMEP to strengthen our cyber-threat defenses.