A $20B global leader in motion and control technologies faced a mission-critical challenge: upcoming DoD programs and supply chain mandates from large primes required CMMC Level 2 certification. They needed to prove they could safeguard CUI with the same rigor they applied to manufacturing flight-critical components.
The company's 40+ divisions operated independently, each with different IT systems, security tools, engineering workflows, policies, and levels of NIST 800-171 maturity. Some units were close to audit-ready. Others lacked foundational documentation. They needed a unified, scalable approach to compliance — fast.
Stehrling delivered a structured, enterprise-wide readiness program built around four pillars:
Scope assessment across the enterprise, standardized policies and procedures, a unified SSP framework, and enterprise POA&M tracking.
Multi-factor authentication deployment, network segmentation, centralized logging and SIEM integration, and role-based access controls.
6,500+ employees trained on CUI handling, incident reporting, and secure engineering practices. Built an enterprise-wide security culture.
Multiple internal assessments mirroring third-party rigor, evidence collection and interview coaching, and division-level readiness scoring.
CMMC Level 2 certified on the first attempt
$2.4B+ in new DoD programs unlocked
6,500+ employees trained on CUI handling
Scalable framework for future division audits
Unified enterprise security posture
Strengthened position as trusted DIB supplier
A solutions-focused federal contractor supporting mission-critical defense programs needed to achieve CMMC Level 2 to continue safeguarding CUI. With evolving DoD requirements and the operational complexity of compliance, they turned to Stehrling for expert advisory and readiness support.
The organization faced several critical challenges: ensuring full alignment with all 110 NIST SP 800-171 requirements, establishing a repeatable compliance governance structure, closing documentation and evidence gaps ahead of a C3PAO assessment, and coordinating cybersecurity, IT, leadership, and operations stakeholders under a unified strategy.
They needed more than technical guidance — they needed a partner who could translate regulatory expectations into actionable activities without disrupting ongoing mission operations.
Stehrling deployed an experienced team of CMMC and NIST 800-171 practitioners through a structured, transparent, and measurable readiness program.
Full evaluation against all 110 NIST 800-171 requirements — identifying technical control deficiencies, documentation gaps, evidence shortcomings, and process inconsistencies. Delivered a prioritized, risk-based remediation roadmap.
Helped the organization strengthen identity & access management, logging, and incident response capabilities. Updated and created policies, procedures, and system security documentation. Produced required artifacts and objective evidence for assessment.
Conducted internal mock interviews and evidence walkthroughs, prepared subject matter experts for assessor questioning, validated evidence readiness for every control, and coordinated pre-assessment logistics.
Passed official CMMC Level 2 assessment
Full alignment with DoD cybersecurity requirements
Mature cybersecurity governance structure
Sustainable long-term compliance posture
Renewed eligibility for DoD contracts involving CUI
Strengthened trust with defense partners
With more than $900M in annual research activity, thousands of faculty and graduate researchers, and a rapidly expanding portfolio of DoD-funded projects, one of the nation's premier SEC universities needed to modernize and secure its hybrid cloud environment spanning Azure, AWS, and on-premises systems. They selected Stehrling to lead the CMMC readiness initiative.
Unlike traditional enterprises, major research universities operate as federations of semi-autonomous units. Each college, lab, and research center had its own cloud workloads, identity and access management practices, data-handling procedures for CUI, and security maturity levels. The university needed a unified, enforceable security baseline — without disrupting ongoing research or slowing down grant-funded project timelines.
Stehrling designed a tailored, cloud-focused readiness program built around the realities of higher education and cloud-native research environments.
Mapped the university's cloud architecture, identified CUI boundaries, and established a defensible compliance scope aligned with NIST 800-171.
Built a cross-campus governance model, standardized policies, and created a centralized SSP and POA&M structure that every research unit could follow.
Strengthened identity governance and MFA enforcement, FedRAMP-aligned configurations in Azure Gov and AWS GovCloud, centralized logging, monitoring, and SIEM integration, and secure virtual research environments for faculty and graduate teams.
Delivered targeted training for principal investigators, IT teams, and researchers. Conducted a full mock assessment and evidence reviews to prepare for C3PAO evaluation.
Fully documented, assessor-ready CMMC Level 2 environment
Secure, standardized cloud enclave for all CUI research
Zero-trust alignment and stronger identity governance
Repeatable framework for future DoD-funded projects
Unified security posture across previously siloed units
Positioned as trusted DoD research partner
A trusted provider of essential services and solutions supporting Defense, Citizen Services, and Transportation customers across the globe — with more than 10,000 employees and 100+ operational sites across the United States, Canada, and abroad — needed a clear, actionable path to CMMC compliance across a complex and highly distributed environment.
The organization operates large-scale, multi-domain programs — each with unique data flows, technical environments, and operational requirements. Preparing for CMMC required a comprehensive review of cybersecurity controls across numerous business units, consistent interpretation of requirements aligned with a complex enterprise architecture, and a prioritized remediation roadmap — all while minimizing disruption to active mission operations.
They needed a partner with deep regulatory expertise and the agility to navigate a highly federated organization.
Stehrling collaborated closely with stakeholders across security, IT, compliance, and program teams to deliver a full-spectrum CMMC Gap Assessment focused on accuracy, transparency, and long-term program maturity.
Structured interviews, technical analyses, and documentation reviews across the organization to fully map all CUI-relevant environments and data flows.
Each applicable CMMC practice evaluated against the organization's existing compliance posture — with clear evidence requirements, control interpretations, and impact scoring.
Identified strategic and tactical gaps spanning technology, processes, policy, and governance. Recommendations prioritized by risk, effort, and contract-criticality — then packaged into a phased remediation roadmap aligned to the organization's operating structure.
Delivered unified findings and readiness reporting to help senior leadership plan resource allocation with confidence and visibility into compliance risks and dependencies.
Clear enterprise-wide picture of CMMC readiness across all programs
Prioritized remediation actions that reduced uncertainty and accelerated preparation
Improved cybersecurity posture across critical mission programs
Standardized documentation and processes ready for future assessments
Enhanced leadership visibility into compliance risks and dependencies
Positioned to confidently pursue CMMC certification and protect DoD contract eligibility
Talk to a CMMC expert. We'll tell you exactly where you stand and what it takes to get certified.
An independent firm focused exclusively on CMMC compliance for defense contractors and the DIB.