AS9100 and ITAR Don't Cover CMMC
CMMC Level 2 is a separate cybersecurity requirement, and primes are starting to flow it down.
Get the free 12-point checklist
Your quality and export-control certifications are strong. CMMC Level 2 assesses a different control set entirely, NIST SP 800-171, and it's starting to show up as a flow-down clause in prime contracts. Shops that wait until a prime asks usually don't have time to catch up.
This checklist tells you exactly where shops your size typically fall short, before it costs you a contract.
What's inside
- Administrative controls: SPRS score, System Security Plan, POA&M
- Technical controls: MFA, CUI encryption, network segmentation
- Physical and response controls: physical access logs, incident response and the 72-hour DoD reporting clock
No spam, unsubscribe anytime. Reply STOP to any email to opt out.
Want a real CMMC gap assessment done?
Fixed-fee, sized for shops your size, producing an actual SSP and POA&M, not enterprise pricing.
Book a Free 30-Minute Readiness Check