NH MEP, with the support of its third-party service provider Mainstay Technologies, took Baron Machine Company through the requirements of CMMC, beginning with phase one, a gap analysis, and then performing phase two, reviewing policy, procedures and program design. For the gap analysis the Mainstay Information security team worked with Baron Machine Company to perform an assessment and identify compliance, noncompliance or partial compliance with each of the 110 components required of CMMC. After this review Mainstay provided Baron Machine Company with a compliance report, along with in-person and over the phone consultations about the findings. This included consultation on a plan of action and milestone creation (POAM). For phase two the Mainstay Information Security Team created the appropriate corporate information security policies, procedures, strategies and plans for Baron Machine Company to align their operations with CMMC. Mainstay also made cost-effective, CMMC compliant technical mitigation recommendations.