Context
An analytics and investigative support service provider for the U.S. federal government was pursuing CMMC L2 certification. At the outset, the organization was dealing with unclear CUI boundaries, early GCC High adoption, no current SSP or POA&M, and other documentation challenges. Leadership needed a practical path to stand up a CMMC L2–compliant enclave with documented processes to maintain eligibility for their existing contracts.
Our Approach
ResilientTech Advisors led the CMMC L2 readiness effort. We designed the approach for CMMC Level 2 readiness, translated security requirements into the actions needed to take to stand up the CUI environment, and directed the work across the readiness effort so technical decisions, documentation, and implementation stayed aligned with operational needs and CUI protection. Our team led the development of the System Security Plan, POA&M, policies, and evidence collection and we kept the work anchored to assessment expectations.
Impact
- Built the client’s GCC High CUI enclave in 80 days.
- Produced the core CMMC Level 2 certification artifacts, including the SSP, POA&M, policies, and evidence structure.
- Resolved ambiguity around CUI scope, enclave responsibilities, and required controls so the team could execute.
- Gave leadership a defined path to pursue CMMC Level 2 certification tied to existing federal contract obligations.
Related Services
- Embedded Cyber Leadership
- Cyber Risk & Strategy
- Compliance & Assurance
- Security Engineering & Operations
“ResilientTech Advisors designed the compliance strategy, defined the security requirements, and showed us how to build the CUI enclave on GCC High. They directed the work in a way that brought structure to a complex CMMC effort. They kept the team focused on what mattered and moved us from ambiguity to execution. Their leadership changed the trajectory of the work.”
Senior Technology Leader, Government Services Provider
This engagement reflects our ability to design secure environments, direct complex CMMC readiness efforts, and turn compliance requirements into implementation.