Are you getting ready to start down the path of getting your CMMC certification?
Based on our recent NIST 800-171 / CMMC projects, here are the 21 most common technology projects we see companies needing to implement in order to comply.
- Windows 10 on all PCs where possible. In-support versions of all server OSes and software (e.g., SQL Server).
- If older computers are still required (e.g., to drive equipment), very strict network segmentation and no or limited Internet access.
- All computers and servers configured (at least partially) to the appropriate STIGs.
- There will be a TON of new GPOs that need to be added. If you're not on a domain, plan to add one.
- 2FA everywhere: local access, VPN/remote access, OWA, etc.
- More refined network segmentation. Some companies opt to deploy a NAC.
- Secure file sharing system (if they're sharing data internally or with external parties).
- Tons of physical security controls (cameras, locks, sometimes badges, systems for tracking visitors, etc.).
- Managed encryption everywhere.
- Mobile device management: definitely on phones and tablets, ideally on workstations too.
- Generally, no cloud services handling CUI unless you're in Microsoft 365 GCC High.
- Wi-Fi access points using FIPS 140-2 validated encryption.
- HDD shredding, usually through a NAID-certified service.
- Business-class firewall with security services enabled and reviewed.
- At a minimum, firewall logging to a SIEM, with either a SOC service or anomaly detection algorithms.
- EDR or MDR solution on top of the antivirus you should already have.
- Blocking file sharing services and apps.
- Migrating all users to Standard accounts.
- USB lockdown and other DLP measures.
- Offsite backup.
- Segregation of data in the ERP system and in shared drives.
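Several of the items above (supported OS, domain membership, managed encryption, Standard accounts, USB lockdown, endpoint protection) can be spot-checked on a single workstation before the formal gap assessment starts. The script below is an added example written for this post, not Adelia Risk's tooling and not an assessment artifact. It assumes a Windows 10 or 11 machine, an elevated PowerShell session, and that the BitLocker and Defender modules are present where those features are installed; the approved local-administrator list is a placeholder you must replace with your own.

```powershell
# Added example: read-only readiness spot-check for a handful of the projects listed above.
# Assumptions: Windows 10/11, elevated session, BitLocker/Defender cmdlets available where
# those features are installed. Output is informational only; it is not a CMMC assessment.

$findings = [System.Collections.Generic.List[object]]::new()

function Add-Finding {
    param([string]$Item, [bool]$Pass, [string]$Detail)
    $findings.Add([pscustomobject]@{
        Item   = $Item
        Status = $(if ($Pass) { 'OK' } else { 'REVIEW' })
        Detail = $Detail
    })
}

# 1. Supported client OS: Windows 10 is version 10.0 build 10240+, Windows 11 is build 22000+.
$os    = Get-CimInstance -ClassName Win32_OperatingSystem
$build = [int]$os.BuildNumber
Add-Finding -Item 'Windows 10 or later' -Pass ($build -ge 10240) -Detail "$($os.Caption) build $build"

# 2. Domain membership: the GPO work described above needs a domain to land on.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
Add-Finding -Item 'Domain joined' -Pass ([bool]$cs.PartOfDomain) -Detail "Domain/workgroup: $($cs.Domain)"

# 3. Managed encryption: every BitLocker-capable volume should report protection On.
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    $unprotected = @(Get-BitLockerVolume | Where-Object { $_.ProtectionStatus -ne 'On' } |
                     Select-Object -ExpandProperty MountPoint)
    Add-Finding -Item 'BitLocker on all volumes' -Pass ($unprotected.Count -eq 0) `
                -Detail "Unprotected: $($unprotected -join ', ')"
} else {
    Add-Finding -Item 'BitLocker on all volumes' -Pass $false -Detail 'BitLocker cmdlets not available'
}

# 4. Standard accounts: the local Administrators group should hold only approved principals.
# PLACEHOLDER: replace with your approved list (e.g. the built-in Administrator plus a domain
# workstation-admins group). Anything else is flagged for review.
$approvedAdmins = @("$env:COMPUTERNAME\Administrator")
$admins = @(Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name)
$extra  = @($admins | Where-Object { $_ -notin $approvedAdmins })
Add-Finding -Item 'Users run as Standard' -Pass ($extra.Count -eq 0) -Detail "Unapproved admins: $($extra -join ', ')"

# 5. USB lockdown: two common indicators. The removable-storage GPO writes Deny_All=1 under
# the RemovableStorageDevices policy key; disabling the USBSTOR driver sets Start=4.
$denyAll  = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices' `
             -Name Deny_All -ErrorAction SilentlyContinue).Deny_All
$usbStart = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' `
             -Name Start -ErrorAction SilentlyContinue).Start
Add-Finding -Item 'USB mass storage blocked' -Pass (($denyAll -eq 1) -or ($usbStart -eq 4)) `
            -Detail "Deny_All=$denyAll USBSTOR Start=$usbStart"

# 6. Endpoint protection baseline: Defender real-time protection. EDR/MDR agents are
# vendor-specific, so this only confirms the antivirus layer the list says you should already have.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $mp = Get-MpComputerStatus
    Add-Finding -Item 'Antivirus real-time protection' -Pass ([bool]$mp.RealTimeProtectionEnabled) `
                -Detail "Defender RTP enabled: $($mp.RealTimeProtectionEnabled)"
} else {
    Add-Finding -Item 'Antivirus real-time protection' -Pass $false -Detail 'Defender cmdlets not available; check your EDR console'
}

$findings | Format-Table -AutoSize
```

Run it per machine (or push it through your RMM) and treat every REVIEW row as a line item for the POA&M rather than a pass/fail verdict; 2FA, network segmentation, SIEM forwarding and the physical controls cannot be verified from the endpoint and still need their own evidence.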
Want help with your NIST 800-171 / CMMC project? Learn more about what we do here.
What our clients say
We hired Adelia Risk as our CMMC compliance consultant, and they delivered exactly what we needed — clear guidance, real expertise, and zero fluff.
They identified gaps, prioritized remediation, and built the documentation we actually needed (SSP, POA&M, policies, evidence collection) while keeping things practical for a real business environment.
Communication was fast, timelines were met, and every recommendation came with a clear “why” in plain English. They didn’t hand us a checklist and vanish. They stayed engaged and made sure we understood what to do next. Highly recommend.
Steven R., CMMC Client
Military Manufacturer from Michigan
We engaged Adelia Risk as our CMMC compliance consultant early in our journey, and they were incredibly patient as we went through the “discovery learning” phase.
Despite some self-induced setbacks on our end, they’ve always been available, prompt, and willing to go out of their way to help us reach compliance.
They’re more than a vendor — they’re an extension of our team. When answers aren’t immediately available, they research it and follow up with clear direction. That commitment to getting it right is what sets this CMMC compliance service apart.
Scott F., CMMC Client
Defense Contractor from Montana