CMMC Compliance Journey
CMMC Level 2 Readiness Case Study
Allan Aircraft Supply Co. LLC — Structured CMMC Self-Assessment, Documentation & Ongoing Level 2 Support
Overview
A defense supply chain partner preparing for CMMC Level 2 compliance and long-term contract eligibility.
Client
Allan Aircraft Supply Co. LLC
Industry
Hydraulic Equipment Supplier — Los Angeles, California
As CMMC requirements became mandatory for organizations handling Controlled Unclassified Information (CUI), Allan Aircraft Supply needed a structured and defensible path toward CMMC Level 2 readiness. Without formalized documentation aligned to NIST SP 800-171, future defense-adjacent contract opportunities were at risk.
We conducted a comprehensive CMMC self-assessment, defined the assessment boundary, mapped CUI data flows, and built a complete compliance documentation framework — including a tailored System Security Plan (SSP), domain-aligned policies and procedures, POA&M tracking, and structured evidence templates. This created a clear remediation roadmap and positioned the organization for a future <strong>C3PAO assessment</strong>.
The result: improved cybersecurity maturity, documented compliance posture, reduced audit risk, and a sustainable path toward maintaining CMMC Level 2 certification readiness.
Challenges
What We Delivered
Needed a clear CMMC Level 2 readiness plan and a structured way to evaluate current cybersecurity practices.
Facilitated a guided CMMC self‑assessment aligned to NIST SP 800‑171, documenting current state, gaps, and a prioritized remediation roadmap.
Compliance documentation was incomplete or not organized for assessment readiness.
Created a CMMC documentation suite including SSP, policies and procedures mapped to domains, POA&M tracking, and evidence templates to support consistent proof collection.
Scope definition and CUI handling required clarity to reduce risk and avoid over‑scoping.
Mapped CUI data flows, defined assessment boundary, and provided practical segmentation/architecture guidance to protect systems that store, process, or transmit CUI.
Needed ongoing support to prepare teams for evidence walkthroughs and future assessment interviews.
Provided continuous readiness support, lightweight training, and implementation guidance to help maintain controls and prepare for a C3PAO assessment.
Results
Allan Aircraft Supply completed a structured self-assessment and now has a documented roadmap toward CMMC Level 2 readiness. The engagement produced a complete documentation and evidence framework to support implementation, internal accountability, and future assessment preparation.
Key Deliverables
CMMC Self‑Assessment Package
Assessment workshops, control mapping to NIST SP 800‑171, gap analysis, and a prioritized remediation roadmap.
System Security Plan (SSP)
A tailored SSP documenting how systems protect CUI, including boundary, responsibilities, and control implementation statements.
Policies & Procedures Across Domains
Practical, adoptable policies and procedures aligned to CMMC Level 2 domains so controls are repeatable and auditable.
POA&M + Evidence Framework
POA&M tracking for remediation, plus evidence templates (logs, screenshots, training records, tickets) to support assessment readiness.
Ongoing Level 2 Readiness Support
Continued advisory support to validate implementation, update documentation, and prepare for future C3PAO assessment activities.
