Who needs SMC

CMMC 2.0 Level 2 Compliance
for CNC Manufacturing

Your CNC controllers weren't built to pass a cybersecurity assessment. SMC is built to close that gap.

Who this is for

Defense manufacturers and machine shops that handle Controlled Unclassified Information (CUI) in the form of G-code, NC programs, and technical drawings. These shops machine parts for the Department of Defense, prime contractors, and the defense supply chain.

The challenge

The Problem

What You're Facing

CMMC Level 2 assessment is mandatory to bid on DoD contracts

G-code files containing CUI move to CNC machines via USB drives, open network shares, or legacy software — none with a defensible audit trail

CMMC assessors identify the shop floor as the most common compliance gap

Legacy CNC controllers cannot support modern cybersecurity controls natively

What We Hear

"We're going to lose our DoD contracts if we don't pass CMMC."

"Our C3PAO says the shop floor is our biggest gap."

"We can't put endpoint protection on a Fanuc controller from 1998."

"USB drives are everywhere and we can't track who sent what."

How SMC helps

SMC's Answer

Controlled boundary architecture

SMC sits between your IT network and your CNC controllers. This architecture is designed to support moving CNC machines out of direct CMMC assessment scope, depending on how the environment is implemented and evaluated.

Encrypted transfer

G-code moves from programmer workstation to CNC machine through an encrypted, authenticated pipeline. Files are decrypted only in RAM at the point of use — never written to disk unencrypted.

Forensic audit trail

Every transfer is logged with file identity, cryptographic hash, timestamp, operator, and destination machine — providing evidence to support a scope reduction determination.

Works with your machines

RS-232, Ethernet, FOCAS, FTP, SMB — supports 12 controller families including machines from the 1990s through today. One day to install. No controller modifications. No production downtime.

NIST 800-171 controls

Key NIST Controls Addressed

SC.L2-3.13.11

FIPS-validated cryptography

SC.L2-3.13.16

CUI confidentiality at rest and in transit

AU.L2-3.3.1

System-level audit logging

AC.L2-3.1.1

Authorized access control

CM.L2-3.4.3

Configuration change tracking

MP.L2-3.8.1

Media protection

Ready to Close the Shop Floor Gap?

A 30-minute demo shows exactly how SMC fits your floor layout and controller mix.

Schedule a Demo → Download the Scope Reduction Guide Talk to Our CMMC Compliance Partner