A $20B global leader in motion and control technologies faced a mission-critical challenge: upcoming DoD programs and supply chain mandates from large primes required CMMC Level 2 certification. They needed to prove they could safeguard CUI with the same rigor they applied to manufacturing flight-critical components.
The company's 40+ divisions operated independently, each with different IT systems, security tools, engineering workflows, policies, and levels of NIST 800-171 maturity. Some units were close to audit-ready. Others lacked foundational documentation. They needed a unified, scalable approach to compliance — fast.
Stehrling delivered a structured, enterprise-wide readiness program built around four pillars:
Scope assessment across the enterprise, standardized policies and procedures, a unified SSP framework, and enterprise POA&M tracking.
Multi-factor authentication deployment, network segmentation, centralized logging and SIEM integration, and role-based access controls.
6,500+ employees trained on CUI handling, incident reporting, and secure engineering practices. Built an enterprise-wide security culture.
Multiple internal assessments mirroring third-party rigor, evidence collection and interview coaching, and division-level readiness scoring.
CMMC Level 2 certified on the first attempt
$2.4B+ in new DoD programs unlocked
6,500+ employees trained on CUI handling
Scalable framework for future division audits
Unified enterprise security posture
Strengthened position as trusted DIB supplier
A solutions-focused federal contractor supporting mission-critical defense programs needed to achieve CMMC Level 2 to continue safeguarding CUI. With evolving DoD requirements and the operational complexity of compliance, they turned to Stehrling for expert advisory and readiness support.
The organization faced several critical challenges: ensuring full alignment with all 110 NIST SP 800-171 requirements, establishing a repeatable compliance governance structure, closing documentation and evidence gaps ahead of a C3PAO assessment, and coordinating cybersecurity, IT, leadership, and operations stakeholders under a unified strategy.
They needed more than technical guidance — they needed a partner who could translate regulatory expectations into actionable activities without disrupting ongoing mission operations.
Stehrling deployed an experienced team of CMMC and NIST 800-171 practitioners through a structured, transparent, and measurable readiness program.
Full evaluation against all 110 NIST 800-171 requirements — identifying technical control deficiencies, documentation gaps, evidence shortcomings, and process inconsistencies. Delivered a prioritized, risk-based remediation roadmap.
Helped the organization strengthen identity & access management, logging, and incident response capabilities. Updated and created policies, procedures, and system security documentation. Produced required artifacts and objective evidence for assessment.
Conducted internal mock interviews and evidence walkthroughs, prepared subject matter experts for assessor questioning, validated evidence readiness for every control, and coordinated pre-assessment logistics.
Passed official CMMC Level 2 assessment
Full alignment with DoD cybersecurity requirements
Mature cybersecurity governance structure
Sustainable long-term compliance posture
Renewed eligibility for DoD contracts involving CUI
Strengthened trust with defense partners
With more than $900M in annual research activity, thousands of faculty and graduate researchers, and a rapidly expanding portfolio of DoD-funded projects, one of the nation's premier SEC universities needed to modernize and secure its hybrid cloud environment spanning Azure, AWS, and on-premises systems. They selected Stehrling to lead the CMMC readiness initiative.
Unlike traditional enterprises, major research universities operate as federations of semi-autonomous units. Each college, lab, and research center had its own cloud workloads, identity and access management practices, data-handling procedures for CUI, and security maturity levels. The university needed a unified, enforceable security baseline — without disrupting ongoing research or slowing down grant-funded project timelines.
Stehrling designed a tailored, cloud-focused readiness program built around the realities of higher education and cloud-native research environments.
Mapped the university's cloud architecture, identified CUI boundaries, and established a defensible compliance scope aligned with NIST 800-171.
Built a cross-campus governance model, standardized policies, and created a centralized SSP and POA&M structure that every research unit could follow.
Strengthened identity governance and MFA enforcement, FedRAMP-aligned configurations in Azure Gov and AWS GovCloud, centralized logging, monitoring, and SIEM integration, and secure virtual research environments for faculty and graduate teams.
Delivered targeted training for principal investigators, IT teams, and researchers. Conducted a full mock assessment and evidence reviews to prepare for C3PAO evaluation.
Fully documented, assessor-ready CMMC Level 2 environment
Secure, standardized cloud enclave for all CUI research
Zero-trust alignment and stronger identity governance
Repeatable framework for future DoD-funded projects
Unified security posture across previously siloed units
Positioned as trusted DoD research partner