Enhancing Cybersecurity Supply Chain Risk Management (C-SCRM) for the Department of the Interior

A Virginia-based manufacturing company was struggling with CMMC Level 2 compliance due to limited IT resources, legacy technology, and hesitancy around using cloud services. InterSec applied its NIST 800-171/CMMC readiness methodology to close compliance gaps and enable secure operations.

Background

This defense-oriented manufacturer relied on outdated infrastructure and minimal IT staff, making it difficult to meet the Department of Defense’s CMMC Level 2 standards. Their concerns over cloud security further complicated modernization efforts necessary for contract retention.

The Client: A Defense Contracting Company
Industry: Defense

The Challenge

  • Lack of Dedicated IT Resources: Minimal cybersecurity oversight or expertise.
  • Risk of Non-Compliance: Failure to comply with CMMC threatened the loss of crucial defense contracts.
  • Complex Controls: Unsure how to handle Controlled Unclassified Information (CUI) securely, especially with partial cloud usage.

Approach and Strategy

  • Executive Engagement & Education: Gained top-level buy-in to clarify responsibilities and secure budget.
  • Field-Tested CMMC Readiness: Utilized a phased, proven methodology grounded in NIST 800-171 standards.
  • Gap Analysis & Roadmap: Identified security shortfalls and prioritized a mix of quick wins and long-term fixes.

Solution & Implementation

  • CUI Scoping
    • Identified and classified CUI across on-premises and cloud-based environments.
  • Policies & Procedures Development
    • Created documentation for asset management, MFA use, and vulnerability scanning guidelines.
  • Technical Remediation
    • Implemented email and drive encryption, secure VPN access, and replaced obsolete hardware to meet baseline requirements.
  • Continuous Monitoring & Staff Training
    • Deployed vulnerability scanning tools and trained staff on secure data handling to maintain audit readiness.

Results / Outcomes

  • SPRS Score of 110: Surpassed the CMMC Level 2 scoring threshold, securing defense contract eligibility.
  • Rapid Vulnerability Remediation: Reduced overall risk by promptly addressing critical flaws.
  • Stronger Security Culture: Heightened employee awareness and support for cybersecurity measures.

Lessons Learned

  • Methodical Yet Flexible: Allowed quick adaptation to the client’s evolving IT environment.
  • Cloud Skepticism Overcome: Demonstrated that a securely configured cloud can meet compliance needs.
  • Lasting Partnership: The client enrolled in InterSec’s Managed Security Services (MSSP) for ongoing compliance.