Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Pioneers of the CMMC 2.0 Level 2 Certification

With the help of: TMAC


Aero-Glen International, LLC is a privately-owned small business established in 1976. Located in North Fort Worth, their focus is hardware distribution, build-to-print parts (including machined and sheet metal parts and assemblies) along with value-added supply chain services (including kitting and bin management). Aero-Glen provides key components to the Department of Defense (DOD) defense industrial base (DIB).

The Challenge

A major defense prime contractor approached TMAC’s Col. Darold Tippey (Ret.) and Ghassan Khatib to work with Aero-Glen on the preparation for their upcoming cybersecurity assessment. TMAC, part of the MEP National Network™, was able to conduct a pre-assessment before the third-party audit by using funds from the Advanced Manufacturing Technology Services (AMTS) grant. Because of the level of detail and dedication necessary for achieving CMMC 2.0 Level 2 certification, successfully passing the assessment is a huge accomplishment for any company, especially for small companies like Aero-Glen with under 100 employees.

Over the past two years Aero-Glen has been developing their cybersecurity system and in 2022 they volunteered to undergo the Joint Surveillance Voluntary Assessment Program. The voluntary assessments are jointly conducted by CMMC-AB accredited third party assessment organizations and the DOD’s Defense Industrial Base Cybersecurity Assessment Center (DIBCAC). A successful assessment qualifies Aero-Glen for CMMC 2.0 Level 2 certification, which allows them to sustain existing DOD contracts under current DFARS and pre-qualifies them for future ones.

Cybersecurity is a critical component of how we approach our markets, service our customers and integrate with our daily processes. The TMAC team was great in taking a pragmatic approach to a complex set of requirements, and proved we can achieve a sustainable cybersecurity program while enabling the business.
— Zbigniew Kaniewski, Vice President IT and Continuous Improvement

MEP's Role

CMMC 2.0 is primarily based on NIST SP 800-171 guidelines. Together with Aero-Glen, TMAC covered each category of NIST SP-800-171 to determine the minimum defined expectation from NIST and DOD. TMAC used CMMC ePU Reference Documentation and tools licensed from DTC Global to provide definitive guidance.

TMAC relied on these tools, its deep understanding of NIST SP-800-171, the TMAC assessment methodology and Darold Tippey’s 29 years of military experience in information security to review Aero-Glen’s business processes and control measures. During this assessment the combined Aero-Glen TMAC team identified and corrected areas of deviation in interpretation, handling of and response to required controls, identified potential gaps in compliance and refined the system. They used CMMC ePU Reference Documentation to develop "overwhelming evidence" of their compliance as they addressed gaps and non-conformities. By studying Aero-Glen’s operations and processes, IT infrastructure, and the quality management system, the team d worked effectively to pass the assessment.

Created November 2, 2022