The Secure Manufacturing Cell (SMC) creates a controlled boundary between your CNC environment and your IT network — designed to reduce audit burden, eliminate USB-based transfer risk, and support a more defensible CMMC assessment boundary.
Works with the machines on your floor
The Real Risk
G-code isn't just machine instructions — it's hard-earned manufacturing know-how. It encodes proven cutting parameters, tooling data, feeds and speeds, plus the operational detail that machines the part accurately. In many cases, that file is more valuable than the model it came from — because it captures how the part is actually made.
A G-code file can be reverse-engineered back to a solid CAD model — giving someone not just the part geometry, but your entire manufacturing process. That's why the Department of Defense classifies G-code as Controlled Unclassified Information. Most IT environments protect the drawing. Very few protect the path from CAM to controller. That is the gap SMC is built to close.
Shows what the part looks like. Protected by most IT systems already.
Shows how you make it — process knowledge worth more than the geometry. Unprotected in most shops.
IT secures the office. Nobody secures the path from CAM to the controller. That's where SMC lives.
The Problem
CMMC requires organizations to implement 110 security controls across systems that handle controlled data. CNC controllers were never designed to meet those requirements directly.
Legacy controllers often run embedded environments that are difficult or impractical to patch, harden, or monitor
Every machine that receives CUI can expand your assessment burden
USB-based transfer leaves little or no attributable trail
Per-machine retrofits are expensive, complex, and often still incomplete
Creates one controlled boundary between your IT environment and the CNC floor
Centralizes transfer, logging, and access control
Provides evidence for who sent what, when, and to which machine
Replaces improvised workflows with a system designed for assessable control
Free Guide
Most shops understand the concept. Very few know how to implement scope reduction in a way an assessor will accept.
Understanding scope reduction is easy. Proving it during an assessment is where most shops fail.
The Reality Today
Most shops aren't careless. They just don't have a clean solution for a problem nobody built tools for — until now.
The USB drive in the top drawer
An operator carries a thumb drive from programming to the machine. No record of what was on it, who placed it there, or whether the file that ran matches what engineering approved.
The shared folder everyone can access
Programs sit on a network drive with broad or unmanaged access. Office staff, contractors, guests on the Wi-Fi — anyone on the network can potentially copy every G-code file you've ever written. No alerts. No logs. No way to know it happened.
The emailed program file
A programmer emails a G-code file to an operator because "it's faster." That file now sits in an email server, a sent folder, a download folder, and possibly a personal device. Five copies of controlled data with zero chain of custody.
The audit you can't answer
The assessor asks: "Show me who sent program 4217-Rev3 to machine #4, when it was received, and how you know the file was not changed." Without SMC, you're reaching for a paper log, a memory, or a guess.
None of these are unusual. All of them are audit failures waiting to happen.
See How SMC Solves This →How It Works
SMC sits between your network and your machines. The workflow doesn't change. The evidence behind it does.
SMC creates a controlled boundary between your IT environment and your CNC controllers, helping reduce direct exposure and supporting a narrower assessment boundary.
G-code moves from CAM to machine through SMC over an authenticated, controlled path. RS-232, Ethernet, and native protocol workflows are supported. No USB hand-carry required.
Every transfer creates a forensic record: operator, machine, timestamp, file identity, and integrity reference. On supported controllers, Transfer Proof adds execution-level evidence and detects machine-side changes for documented review.
SMC generates evidence-ready reports aligned to relevant NIST SP 800-171 controls, giving assessors a clearer record of how the workflow is controlled.
What You Get
Your operators learn it quickly. Your supervisors get visibility. Your assessor gets evidence.
The supervisor dashboard shows machine status, transfers, operators, and activity in one place.
Every file that touches a machine gets a traceable record that can be exported and reviewed.
SMC organizes transfer and workflow records into reports that support assessment preparation without hand-building every artifact.
A 30-minute demo shows how SMC fits your controller mix and shop layout — and turns file transfer into a controlled, traceable workflow.
Request a DemoNo generic walkthrough. We use your controller types, your protocols, and your workflow.
Complete Coverage
CMMC readiness has two sides: controlling how data moves through manufacturing, and building the policies, documentation, and evidence that complete the picture. SMC addresses the shop-floor workflow. LeBrun Management Solutions — our national compliance partner — helps organizations address the broader program around it. Remote assessments available anywhere.
Meet Our Partners →Who Built This
The team behind SMC spent decades in CNC environments — selling, supporting, training, and troubleshooting the exact machines defense manufacturers still run today.
SMC exists because most compliance solutions aimed at manufacturers were built by people who understood frameworks, but not controllers, protocols, or shop-floor reality.
This one was built from the floor up.
25
Years in CNC manufacturing
11
Controller families supported
~40
NIST controls addressed by one boundary system
1
Day to install — not months
"We didn't build SMC because we're a cybersecurity company trying to learn manufacturing. We built it because we're manufacturing people who saw a problem nobody else was solving correctly."
— Michael Reyes, Founder & CEO
That is not just a workflow. It is a compliance story you may have to defend.