CMMC Assessment Services

The Cybersecurity Maturity Model Certification (CMMC) is a Department of Defense (DoD) mandate, designed to safeguard Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) across the defense supply chain.

CMMC compliance is now REQUIRED for all contractors and subcontractors working with the DoD!

If your organization is not ready, you risk losing your ability to win or renew contracts with key primes like Lockheed Martin, Raytheon, Northrop Grumman, and others. 

https://www.lockheedmartin.com/en-us/suppliers/news/features/2025/cybersecurity-program-rule.html

• October 1, 2025: CMMC clause required in most new DoD contracts. Level 1 or 2 Self-Assessment must be complete.

• October 1, 2026: All Contractors and Subcontractors must be compliant with CMMC requirements.

• January 15, 2027: CMMC Level 2 must be fully certified for contract renewal eligibility.
   

Our Level 1 Self-Assessment service is designed for companies handling Federal Contract Information (FCI).

Services include:

• Technical Risk Assessment: We review your current Security Posture and identify gaps.

• Endpoint, Cloud and M365 Auditing: In-depth review of your Device, Cloud, and Microsoft 365 Environment.

• Self-Assessment and Documentation: We guide you through the CMMC Level 1 Self-Assessment, generate your System Security Plan (SSP) and Plans of Action & Milestones (POA&Ms), and assist with Supplier Performance Risk System (SPRS) submission.

• Required Monthly Monitoring: Ongoing Security Monitoring to ensure continued Compliance and Threat Detection.
   

Level 2 is required for organizations handling Controlled Unclassified Information (CUI) and involves the implementation of all 110 NIST 800-171 security practices.

Services include:

• Implementation & Gap Remediation: Comprehensive Mapping and Implementation of NIST 800-171 Controls.

• Comprehensive Documentation: Creation of required SSP, POA&Ms, Risk Register, and Evidence Collection Artifacts.

• M365 Enforcement & User Training: Lock down your Microsoft 365 Tenant and provide Targeted User Training.

• Monthly Cyber Risk Reporting & Compliance Review: Regular reviews to ensure ongoing alignment with CMMC and provide Executive-Ready Reports.
   

• Official RPO Status: Listed with CyberAB — trusted by prime contractors and DoD supply chain leaders - https://cyberab.org/Member/RPO-66202-Willis-Security-Llc
   
• 25+ Years Experience: Deep expertise in Regulated Industries, Compliance, and Security Program Delivery
   
• End-to-End Service: From Initial Gap Assessment through Documentation, Training, and Ongoing Support
   
• Audit-Ready Deliverables: All materials meet DoD and prime requirements — ready for Audit or Spot Checks
   
• Continuous Monitoring: Maintain your Compliant Status with Ongoing Risk Management and Reporting
   
• U.S.-Based, No Outsourcing: Your engagement is handled in-house, by our expert team of domestically located Engineers, Analysts and Executives