How It Works

Four Steps from Exposed to Compliant

SMC sits between your network and your machines. Nothing changes on the floor — everything changes for the assessor.

SMC transfer sequence: Encrypted, Transmitted, Verified, Executed, Logged

1. Isolate

SMC creates a technical boundary between your IT network and your CNC controllers. This architecture supports a narrower, more defensible assessment boundary.

2. Transfer

G-code moves from CAM to machine through SMC — encrypted, authenticated, and logged. RS-232, Ethernet, or native protocol. No USB drives.

3. Prove

Every transfer gets a forensic record — who sent it, which machine received it, when it ran, and a cryptographic hash for integrity reference.

4. Report

SMC generates a compliance report for every transfer — tagged to NIST 800-171 controls. Your assessor gets the evidence package without you building it by hand.

What Changes for the Assessor

The assessor doesn't evaluate your CNC controllers. They evaluate SMC — a purpose-built compliance boundary that handles the controls your machines can't.

Without SMC

Every machine that touches CUI is in CMMC scope

Assessor asks for patching, antivirus, access controls on each controller

No audit trail for file transfers

USB drives create uncontrolled data paths

With SMC

Machines behind SMC are out of direct assessment scope

Assessor evaluates one controlled boundary, not every machine

Complete forensic audit trail for every transfer

No USB drives — encrypted, authenticated transfers only

NIST 800-171 Controls SMC Addresses

SMC generates evidence mapped directly to NIST 800-171 control families. Your assessor sees the controls satisfied, not a stack of spreadsheets.

Access Control (AC)

Authenticated operators. Role-based access. No anonymous file transfers.

Audit & Accountability (AU)

Immutable transfer logs with timestamps, operator identity, file hashes, and destination machine.

Configuration Management (CM)

Controlled baseline. File integrity verification. No unauthorized modifications.

Identification & Auth (IA)

Every operator authenticates before transferring files. No shared logins.

Media Protection (MP)

Encrypted transfers replace uncontrolled USB media. Automatic purge after delivery.

System & Comm Protection (SC)

Encrypted channel between network and controller. Data at rest and in transit is protected.

Ready to See It in Action?

A 30-minute demo shows exactly how SMC fits your floor layout and controller mix.
