Success Story: Saxon Machine Strengthens Cybersecurity Preparedness with CMMC Level 2 Support
Company Profile:
Saxon Machine & Design is a Maryland-based precision manufacturing company serving the defense and aerospace industries. Known for its commitment to quality and reliability, Saxon Machine & Design provides critical machined components and assemblies to customers operating in highly regulated sectors. With growing demand for cybersecurity compliance among Department of Defense (DoD) contractors, the company recognized the importance of aligning its systems and operations with evolving federal security standards to remain competitive in the defense supply chain.
The Situation:
As the Cybersecurity Maturity Model Certification (CMMC) framework became a requirement for defense contractors, Saxon Machine & Design identified a gap in internal cybersecurity readiness. Although the company had several policies and practices in place, it lacked the documentation, procedures, and training necessary to demonstrate compliance with CMMC Level 2 and NIST SP 800-171 controls. Without intervention, this posed a risk to current and future contracts. The company needed expert guidance to assess its cybersecurity posture, educate internal teams, and develop a formal plan to reach and sustain compliance.
The Solution:
To address this challenge, Saxon Machine & Design partnered with Maryland MEP and Kaizen Approach to implement a tailored CMMC Level 2 Training and Mitigation Support engagement. The project Virtual CISO advisory services and training delivered by a cybersecurity expert. The support provided a comprehensive set of deliverables, including a System Security Plan (SSP), a Plan of Actions and Milestones (PoAM), 18 security policies, and multiple procedures aligned with the company’s IT infrastructure. The engagement also involved training for staff and management on CMMC Level 2 controls, guidance on cybersecurity architecture, and hands-on assistance with configuring critical services such as Security Information and Event Management (SIEM) tools. Saxon Machine & Design also received help calculating its Supplier Performance Risk System (SPRS) score and preparing for a potential audit through technical recommendations and documentation support.
“Working with Maryland MEP gave us clarity and direction in navigating CMMC Level 2 compliance. Their partnership, along with Kaizen’s technical expertise, helped us identify what we were already doing well, and where we needed to improve. The hands-on training and policy development made a big difference in getting our team aligned with cybersecurity best practices.”
— Jacob Saxon, Owner of Saxon Machine & Design.
The Results:
Through this initiative, Saxon Machine developed a complete System Security Plan and began executing a strategic path to CMMC Level 2 readiness. The training enhanced employee awareness of cybersecurity practices, while the new policies and technical procedures significantly reduced gaps in compliance. The company improved its Supplier Performance Risk System (SPRS) score, a critical metric in qualifying for Department of Defense contracts, and is now well-positioned for a successful audit.
As a result of these improvements, Saxon Machine retained an estimated $100,000 in existing defense-related sales that were at risk without documented compliance. Additionally, the company reported $15,000 in avoided costs by reducing reliance on external IT consultants through in-house capability building. Two internal team members assumed greater responsibility in security and compliance oversight, supporting retention of key skilled positions. The company also identified a potential future investment of $30,000 in upgraded cybersecurity infrastructure as a direct outcome of the training and technical recommendations received.
Overall, the engagement significantly improved the company’s cybersecurity resilience, protected critical revenue streams, and expanded its competitiveness within the regulated defense manufacturing sector.
