Skip to main content
New InterSec is now ISO/IEC 42001 certified for AI management systems Read the announcement
Book a Call
Security Architecture & Engineering
Cybersecurity Advisory
Threat & Vulnerability Management
Compliance Services
Managed Security Services
Cyber Workforce Development
The Company
How We Engage
Capability Statement

Download our Capability Statement for a complete view of InterSec.

Download Now
Learn & Apply
Research & Outcomes
News & Updates ISO/IEC 42001 Certified

The latest milestones, trends, and analysis from the InterSec team.

Read the latest

Client Success Story

Closing the CMMC Level 2 Gap for a Manufacturer with Legacy IT and Cloud Hesitancy

A Virginia manufacturer with minimal IT staff, aging infrastructure, and reservations about the cloud risked losing DoD contracts under DFARS 7012. InterSec's phased NIST 800-171 approach closed the gaps and reached CMMC Level 2 in nine months.

Download the Case Study Read the Story
CMMC Readiness Defense Industrial Base Completed
9 months
To meet CMMC Level 2 requirements
A phased NIST 800-171 roadmap scaled to a lean manufacturer's real capacity.
High-risk gaps closed early with MFA, encryption, and VPNs
DoD contracts protected
Employees adopted the new processes
Client
Virginia-based defense manufacturer
Sector
Defense Industrial Base
Profile
Minimal IT staff, aging infrastructure, cloud hesitancy
Driver
DFARS 7012 & CMMC Level 2
01

The Challenge

The firm had to comply with DFARS 7012 while working around aging IT systems and a genuine skepticism about moving to the cloud, and losing DoD contracts was a real possibility without prompt remediation. The obstacles were as much about resources and culture as technology.

No security oversight
There was no dedicated cybersecurity strategy or governance in place.
Unmapped CUI
It was unclear where Controlled Unclassified Information lived across the environment.
Deadline as revenue risk
Missing the CMMC deadline could mean significant revenue loss.
02

The Approach

InterSec started by securing executive backing, then deployed a field-tested readiness framework so the whole organization aligned on the standard from the top down. Bringing leadership in early cleared the roadblock that mattered most here, the hesitancy about cloud adoption.

01
Secure executive backing
Make the security investment and governance responsibilities explicit so cloud hesitancy gives way.
02
Lead with quick wins
Deploy MFA, encryption, and secure VPNs to reduce the highest-risk exposures fast and build momentum.
03
Work to the company's capacity
Keep resource demands realistic for a lean manufacturer rather than assuming an enterprise IT team.
03

The Solution in Practice

The team began by scoping CUI, identifying where sensitive data lived across the on-premise systems and the partial cloud footprint, so the protection effort targeted the right assets. From there, InterSec overhauled policies and procedures, establishing asset management, vulnerability scanning, and encryption practices the company had lacked. Because a program is only as strong as the people running it, the work included hands-on staff training and practical security-awareness sessions.

Employee adoption is the difference between a program that lasts and one that lapses after the deadline, so the work trained the people, not just the systems.

04

Results & Impact

Modernizing the IT systems and building a culture of security readiness protected the company's contracts and laid a foundation for ongoing risk management.

CMMC Level 2 requirements were met within nine months.
Quick fixes to high-risk areas reduced the most pressing threats early.
Employees adopted the new processes, making the program sustainable rather than a one-time push.
05

Key Takeaways

Executive backing clears cultural roadblocks
Cloud hesitancy is rarely solved by technical argument alone. Leadership alignment on investment and governance moves it.
Lead with quick wins
MFA, encryption, and secure VPNs reduce real risk fast and build the momentum a longer program needs.
Scope CUI before protecting it
Knowing where sensitive data actually lives is what keeps the effort focused and the budget realistic.
Train the people, not just the systems
Employee adoption is the difference between a program that lasts and one that lapses after the deadline.
Capabilities Demonstrated
CMMC Level 2 Roadmap (NIST 800-171)CUI Scoping & ProtectionLegacy IT ModernizationSecure Cloud AdoptionStaff Training & Awareness

Working With InterSec

Limited IT staff and aging systems are the norm, not a disqualifier for CMMC.

InterSec prepares defense manufacturers for assessment with a roadmap scaled to their resources. Let's find your quickest path to a defensible program.

Book a Call Download This Case Study

More Case Studies

Explore related work

View all
CMMC Readiness Defense Industrial Base
From an SPRS Score of -203 to Assessment-Ready: Multi-Site CMMC Level 2 for a Navy Ship-Repair Prime
Read case study
CMMC Readiness Defense Industrial Base
When the MSP Is the Risk: CMMC Level 2 for a Specialty Metals Supplier
Read case study
CMMC Readiness Defense Industrial Base
Right-Sizing CMMC Level 2 for a Small Navy Industrial-Services Contractor
Read case study