Case Study: DoD Manufacturer Gets CMMC Compliant
Sept. 11, 2025
By Tracey Birkenhauer, journalist and Chief Impact Officer, STACK Cybersecurity
Executive Summary
Taylor Turning, a precision manufacturer in Wixom, Michigan, sought more than standard IT support. They needed a strategic partner to build a secure, scalable IT infrastructure while addressing immediate cybersecurity concerns. Then they realized they also needed help with Cybersecurity Maturity Model Certification (CMMC) for their military contracts. This case study examines how STACK Cybersecurity delivered comprehensive solutions that enabled Taylor Turning to focus on manufacturing while ensuring their IT systems remained secure and reliable.
STACK Cybersecurity provides full-service IT help desk and cybersecurity solutions to Taylor Turning since the manufacturer has no dedicated IT staff.
Webinar Recording
Michigan Manufacturing + Cybersecurity: A CMMC Success Story, hosted by the National Cybersecurity Alliance with STACK Cybersecurity and Taylor Turning.
Background
As a small precision machining company that supplies parts to military contractors, Taylor Turning manages Federal Contract Information (FCI). As such, CMMC Level 1, which covers basic cyber hygiene practices, is required to continue doing business with the Department of Defense. FCI is defined as information not intended for public release that is provided by or generated for the government under a contract to develop or deliver a product or service to the government.
The manufacturer's primary compliance objective was to protect their data and meet the 15 baseline security practices defined by FAR 52.204-21, the federal rule for basic safeguarding of contractor information.
Taylor Turning recognized the importance of not only addressing current cybersecurity needs but also laying the groundwork for long-term IT resilience. Rather than settling for a transactional vendor relationship, they sought a strategic partner, one that could evolve with their business. That partner became STACK Cybersecurity.
STACK Cybersecurity managed the CMMC project, starting with a comprehensive security assessment. This included network vulnerability scans, policy reviews, and interviews to gauge current practices.
The results showed gaps in basic controls. For example, the initial scan of 10 assets found 524 security vulnerabilities (307 high-risk, 179 medium, and others), a typical situation when systems haven't been rigorously maintained. Many PCs lacked updates, one had no encryption, and weak passwords were common.
An authorized CMMC Registered Practitioner Organization (RPO), STACK Cybersecurity created a remediation roadmap not just to report problems but to fix them. Over about six months, STACK worked side by side with Austin to close every major gap identified. This meant applying patches, updating configurations, deploying security tools, and customizing policy templates.
Austin Ritz
Operations Manager, Taylor Turning
From day one, they have made us feel incredibly safe and supported in all our IT needs. They are not just a service provider but a partner who truly cares about our business.
Partnership Rooted in Trust, Transparency
From the outset, the partnership was rooted in trust, transparency, and a shared vision for sustainable growth. Austin spearheaded Taylor Turning's CMMC Level 1 compliance project internally, coordinating policy updates, technical changes, and employee training with STACK's support.
"Don't be paralyzed by the scope of cybersecurity and compliance challenges," advises Rich Miller, Founder and CEO of STACK Cybersecurity. "Start with the basics, and seek help where needed. Many manufacturers are still running on outdated, insecure systems, and a majority have been slow to make improvements due to cost or misunderstandings. But Taylor Turning's experience shows that with management commitment, employee engagement, and the support of security professionals, even a business with antiquated equipment can transform its cybersecurity baseline markedly for the better."
In short order, STACK reduced the vulnerability count from 524 to just 85. All critical and the majority of medium findings were resolved, a significant improvement in network security. STACK then implemented full disk encryption on 90% of devices, up from only 18% initially, leaving only one older machine unencrypted due to a hardware limitation. This eliminated a major data protection risk.
STACK also rolled out a password manager and enforced stronger credentials. Within a month, not one user had a weak password and all employees moved to authenticated password vaults.
STACK then delivered security awareness training to all staff. Everyone completed training, and phishing simulations saw zero clicks on dummy phishing emails, demonstrating real cyber hygiene improvements.
"As the client, I especially appreciated the project management structure," Austin said. "STACK helped prioritize tasks, set up weekly check-ins, and provided a tracker for all CMMC requirements. We had a CMMC Tracker that listed each required control and its status. I was the owner for many items on that list, and we'd mark them off one by one as needs were met."
When Was Your Last Cybersecurity Risk Assessment?
STACK Cybersecurity provides comprehensive cybersecurity risk assessments, or CSRAs. We meticulously identify and evaluate vulnerabilities and risks within your company's IT environment. We'll assess your network, systems, applications, and devices. Then we and provide a detailed report and action plan to improve your security posture. Don't wait until it's too late.
Email: info@stackcyber.com
Phone: (734) 744-5300
Contact Form
Security Posture Dramatically Improved
To highlight one concrete outcome: Taylor Turning had a policy gap for media sanitization. With STACK's help, they drafted a Secure Media Destruction Policy that outlines how to destroy USB drives, hard disks, and other storage media according to CMMC Level 1 standards. That was a compliance checkbox, but also a cultural change. Now everyone knows old storage devices must be properly destroyed.
This compliance project was a strong example of collaboration. Austin took charge of internal tasks like policy adoption and getting leadership buy-in, while their outsourced IT provider offered technical support and expert guidance. In the end, the project team remediated all identified high-risk security gaps, and Taylor Turning met every CMMC Level 1 practice. The improvement was evident in their quarterly security report: their overall security posture score moved from a "C" average to the "A/B" range in multiple categories after this project.
By hiring and trusting STACK Cybersecurity to manage the manufacturer's IT, cybersecurity, and compliance, Taylor Turning went from vulnerable to a much safer state by focusing on cyber hygiene. That's what Level 1 is all about, with practices such as using antivirus, strong passwords, access controls, backups, and user training.
Strengthen Cyber Hygiene Now
What Taylor Turning achieved is proof that small manufacturers can dramatically improve security without enormous budgets. Basic steps matter. Up to 90% of cyberattacks can be thwarted by employing basic measures.
"From our perspective, Taylor Turning's success is a strong case study," Miller said. "It demonstrates that remediation-focused compliance works. In fact, our blog about becoming a CMMC RPO highlights that we not only assess but also remediate issues. We've shown that even a small manufacturer with no IT staff can reach compliance with dedicated, outsourced support."
The takeaway for any business in the defense industrial base (DIB): start strengthening your cyber hygiene now. Every improvement is a step toward compliance and a step toward safeguarding your business and the broader ecosystem. Security is a journey, not a destination, and CMMC Level 1 can be the first milestone on that journey.
About STACK Cybersecurity
STACK Cybersecurity provides comprehensive IT security solutions designed for growing businesses. With a focus on proactive protection, strategic partnership, and exceptional service, STACK helps clients transform their security posture while enabling their business objectives. STACK is a CMMC Registered Practitioner Organization (RPO).
For more information on how STACK Cybersecurity can help your business achieve operational excellence through proactive IT security, contact our team today.
Ready to Start Your CMMC Journey?
STACK Cybersecurity is a CMMC Registered Practitioner Organization serving defense suppliers throughout Michigan. We handle assessment, remediation, documentation, and ongoing compliance support so your team can stay focused on manufacturing.
View CMMC compliance services or reach out directly.
Email: info@stackcyber.com
Phone: (734) 744-5300