Abrams Airborne Manufacturing Strengthens CMMC Readiness with Arizona MEP’s Cybersecurity Support

As Abrams’ defense work grew, the need to strengthen cybersecurity controls to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) also increased. Although the company had a basic foundation, leadership did not have full confidence that it met the extensive requirements of the Cybersecurity Maturity Model Certification (CMMC). With a small internal IT team supported by a managed service provider, the company needed a structured, cost-effective approach to ensure compliance without adding significant overhead.

“We’re a growing defense supplier,” said Calley Carpenter, Chief Executive Officer. “Our concern was how to meet these requirements at the highest level without adding excessive overhead that would strain our business.”

Abrams had previously worked with Arizona MEP on technical training, including leadership development and soldering. When it came time to address CMMC, they again turned to Arizona MEP for a comprehensive, phased approach tailored to their needs.

Arizona MEP began the cybersecurity engagement in December 2024, guiding the company through a structured process that included:

• A comprehensive assessment aligned with NIST SP 800-171 requirements
• Development and updates to more than a dozen cybersecurity policies
• Expansion of a robust incident response plan and facilitation of realistic tabletop exercises
• Network mapping and support in defining a secure architecture
• Clarification of requirements, prioritization of IT projects, and assistance with operationalizing compliance

This step-by-step support provided clarity without unnecessary technical jargon, helping Abrams understand exactly what needed to be done and why.

The Results

With Arizona MEP’s guidance, Abrams transformed its cybersecurity policies. Every employee—from engineers to production staff to custodial team members—received training, significantly increasing company-wide awareness of cybersecurity responsibilities. Updated policies, clear procedures, and hands-on exercises strengthened internal capabilities and gave the IT team greater knowledge and confidence.

“This process significantly strengthened our internal staff’s capabilities,” said Carpenter. “Instead of sending people to a one-day training session and hoping it fits our processes, we now have tailored systems, stronger procedures, and a better understanding throughout the company.”

The company is now confident in its ability to self-certify and maintain compliance, and it has added a full-time IT role to support its security infrastructure. Abrams also plans to send additional employees to Arizona MEP leadership training, continuing a partnership that supports both workforce and operational excellence.