
CMMC Scoping Assessment

Securely Yours helps organizations understand whether CMMC applies to them and helps them identify government data considered to be in scope of CMMC. The Department of Defense (DoD) outlines three different levels of CMMC depending on the types of data an organization stores and processes. Securely Yours will educate key stakeholders on what types of data are in scope for CMMC, including Controlled Unclassified Information (CUI) and Federal Contract Information (FCI), and identify what level of CMMC is required to ensure your organization is fully compliant with DoD requirements.

 


We also understand that the larger the scope of CMMC, the higher the costs organizations incur to become fully compliant. Wherever possible, we work with clients to limit where government data resides on their systems to reduce the amount of effort needed to implement CMMC controls.

CMMC Controls Assessment

For organizations that have a clear understanding of their CMMC requirements but are unsure of their progress towards CMMC compliance, Securely Yours offers security control assessments based on the DoD requirements outlined in NIST 800-171.

Once the systems in scope have been identified, we will interview various business units and evaluate the compliance of the CMMC controls. After the assessment has been completed, Securely Yours will provide you with a Supplier Performance Risk System (SPRS) score, which is a CMMC requirement for suppliers and contractors. We also deliver detailed reports which cover control deficiencies and recommendations for remediation in a prioritized sequence.

CMMC Control Implementation

Even when an organization understands the current status of its controls and where it needs to improve, it may need help remediating deficiencies to secure its environment. Coordinating across business units to remediate control gaps can be challenging and time-consuming. Securely Yours understands these challenges and helps clients who need to implement these controls.

Remediating controls is an involved process which can take months to implement. CMMC requires that a Plan of Action and Milestones (POA&M) document be created for each control gap in a company’s environment. These POA&Ms are expected to include:

  • Security vulnerabilities or gaps that need to be addressed
  • The plan for fixing them
  • The milestones or target dates for completion
  • The resources required
  • The personnel responsible


A significant requirement of CMMC involves drafting a System Security Plan (SSP), which outlines the organization’s cybersecurity strategy for protecting sensitive information including CUI. In addition, Standard Operating Procedures (SOPs), a set of documented operational instructions related to cybersecurity, need to be developed.

Securely Yours will not only help clients document their POA&Ms, SSP, and SOPs but also collaborate with business units to implement the remediation actions. This approach brings clients one step closer to preparing for CMMC certification.