// ADVISORY · JUL 13 CMMC Phase II suspended pending a 60-day DoW review — third-party audits on hold. Still binding: DFARS 7012 · NIST 800-171 · SPRS. New CIO guidance: Brilliant Basics. How AEGIS maps to it ↓ Our analysis ↗ All the Way Down ↗ DoW release ↗
// AEGIS-DIB  |  CMMC compliance for small DIB manufacturers  |  Raleigh, NC

Compliance
you can prove.

An on-premise appliance that keeps small defense manufacturers continuously compliant — NIST 800-171, SPRS, CMMC Level 2 readiness, and the new Brilliant Basics — with cryptographically signed, independently verifiable evidence. Honest about what it proves. Right-sized for shops that don't need a SOC.

300+
800-171A Objectives Mapped
Signed
+ Merkle-Anchored Evidence
0
Cloud Telemetry
20+
Years Infrastructure
60-DAY
CMMC Review — 800-171 Still Binding
CMMC LEVEL 2 · NIST SP 800-171 · SIGNED EVIDENCE · MERKLE-ANCHORED · ASSESSOR-VERIFIABLE · SSP & POA&M · CUI HANDLING · ON-PREM APPLIANCE · HARDWARE-BACKED SIGN-OFF · NETWORK SEGMENTATION · ZERO CLOUD TELEMETRY · 800-171 STILL BINDING · BRILLIANT BASICS · CMMC LEVEL 2 · NIST SP 800-171 · SIGNED EVIDENCE · MERKLE-ANCHORED · ASSESSOR-VERIFIABLE · SSP & POA&M · CUI HANDLING · ON-PREM APPLIANCE · HARDWARE-BACKED SIGN-OFF · NETWORK SEGMENTATION · ZERO CLOUD TELEMETRY · 800-171 STILL BINDING · BRILLIANT BASICS ·
"Most compliance is a binder of claims.
Ours is signed proof.
Evidence an assessor can re-check themselves — not a vendor's word."
01 //
Signed & anchored Every check is producer-signed and Merkle-anchored. Tamper-evident by construction — the difference between a screenshot and proof.
02 //
An independent verifier A CLI your assessor runs to re-check the entire evidence chain. Verification doesn't require trusting us.
03 //
Honest by design Each control is labeled by how it's proven. The console never shows green it can't defend in an assessment.
04 //
People, provably Real staff sign adopted policies with hardware-backed passkeys. Identity is cryptographic, not asserted.

The new guidance,
already provable.

With Phase II audits suspended, the DoW CIO pointed the DIB back at fundamentals — Brilliant Basics. No certification gate, no audit calendar: security you actually practice. But your obligations didn't pause — DFARS 7012, 800-171, and your SPRS score remain binding, and a signed score is a federal representation with False Claims Act exposure to match. Which leaves exactly one question — can you prove what you signed? Here is the IT Top 10 against what AEGIS evidences today, labeled with the same honesty our console uses. We never claim green we can't defend.

BASIC 01 LIVE TELEMETRY
Phishing-Resistant MFA

MFA posture read continuously from every enrolled host — authenticator types classified conservatively, phishing-resistant vs legacy, per machine.

BASIC 02 LIVE TELEMETRY
Comprehensive Asset Inventory

Devices, accounts, software, and the network services your enclave actually talks to — inventoried from live telemetry and signed. Not a spreadsheet.

BASIC 03 PARTIAL
Strategic Technical Debt Reduction

Patch posture and software inventory evidenced today; end-of-life flagging is on the near roadmap.

BASIC 04 ATTESTABLE
Flexible Technology Stack

A posture you declare — AEGIS anchors the declaration with the accountable owner's signature and keeps its history.

BASIC 05 LIVE TELEMETRY
Logical Segmentation

Your CUI boundary declared and anchored; passive flow logging watches what actually crosses it. Limits lateral movement you can demonstrate.

BASIC 06 PARTIAL
Risk-Based Vulnerability Management

Vulnerability posture from host telemetry; risk decisions recorded as signed, dated history — defensible diligence, not a binder.

BASIC 07 ATTESTABLE
Security Early in the Dev Lifecycle

For shops that ship software: policy-attested, signed by the accountable person, re-opened automatically when the policy drifts.

BASIC 08 PARTIAL
Secure AI Adoption & Data Protection

The wire already knows which AI services your network talks to — AEGIS observes DNS and TLS and can show you. Most shops are surprised.

BASIC 09 PARTIAL
Resilient Backup & DR

Backup posture via host readers; restore-test attestations anchored with dates and named, signing people.

BASIC 10 PARTIAL
Continuous Workforce Readiness

Training and awareness attestations tied to real, enrolled people with hardware-backed signatures — not a sheet of initials.

LIVE TELEMETRY machine-evidenced from hosts and network today  ·  PARTIAL telemetry exists, coverage growing  ·  ATTESTABLE declared & signed, watched for drift — the same labels the console itself shows an assessor.

Not a deck.
A working console.

AEGIS turns 110 controls and 320 objectives into a guided path a one-person shop can actually run — a real SPRS score from live evidence, the single highest-impact next action, and, for the controls a sensor can't prove, real policies generated from your own environment, signed with a passkey and Merkle-anchored. Here it is, working.

AEGIS Start here — the guided compliance path with a live SPRS score
One screen, one next stepConnect → Scope → Close the gaps → Sign → Assessment-ready. A live SPRS score and the single highest-impact action — no guesswork, no AI hand-waving. The whole guided path, on one page.

Assembled to
your compliance scope.

Every engagement starts with Module 01 — visibility is the foundation. Additional modules are added based on your assessment findings and the controls you need to close. Each module maps explicitly to CMMC control families, with sensible network hardening included along the way.

MODULE 01 // FOUNDATION · ALWAYS INCLUDED
Intelligence-Driven Visibility
On-box processing · Zero cloud telemetry · CMMC AU · CA · SI

Full network and endpoint visibility. Passive traffic analysis, beacon detection, and endpoint behavioral monitoring — all processed on hardware in your facility. No vendor cloud. No subscription dependency.

  • Zeek full network connection logging
  • Suricata IDS with custom DIB signatures
  • RITA beacon & C2 pattern detection
  • Endpoint behavioral monitoring + file integrity
  • Native host agents → signed, Merkle-anchored compliance evidence
  • Compliance console (HTTPS, per-user auth, CUI theme)
MODULE 02 // MODULAR SUB-PACKAGES
Perimeter Hardening
Mix and match · CMMC SC · AC control families

Most defenses watch what comes in. We watch what goes out, pin DNS to controlled resolvers, lock down every remote access door, and clean up firewall rules nobody has touched in a decade.

  • 02-A Egress filtering policy
  • 02-B DNS hardening + tunneling detection
  • 02-C Remote access audit + MFA enforcement
  • 02-D Firewall rule audit + cleanup
  • 02-E Network segmentation + VLAN design
MODULE 03 // CMMC AC · IA FAMILIES
Identity & Access Control
Credential theft is the most common lateral movement vector

MFA, privileged access hardening, and account auditing close the door most attackers walk through first. Integrated with your existing AD or M365 — no rip and replace.

  • MFA deployment and enforcement
  • Privileged access review + tiering
  • Account inventory and audit
  • Identity reconciliation — accounts mapped to real people, hardware-backed sign-off
  • Password policy enforcement via GPO
  • Session logging + anomaly alerting
  • M365 security baseline (optional)
MODULE 05 // DIB-SPECIFIC · HUMAN-CURATED
Threat Intelligence
DIB-relevant indicators · Human-curated · MISP integration

Detection tuned to the indicators that actually matter for small DIB shops — curated by a human, not a generic vendor feed. An optional layer for clients who want monitoring beyond the compliance baseline.

  • MISP threat intelligence platform
  • DIB-tuned Suricata ruleset
  • DIB-specific threat indicator feeds
  • Geopolitical context-driven rule updates
  • ISAC feed integration
MODULE 06 // CMMC IR FAMILY
Incident Response
When, not if · Forensic capability · Evidence preservation

When something happens — and it will — you need forensic capability, a documented response process, and evidence that survives legal and regulatory scrutiny. Module 06 ensures you're not building the plan during the crisis.

  • Written incident response plan (tailored)
  • Velociraptor forensic collection capability
  • Evidence chain of custody documentation
  • DoD / prime contractor notification procedures
  • IR retainer — up to 4 hours/year included
MODULE 07 // CMMC ALL 14 DOMAINS
Compliance Engine
Signed evidence · POA&M · Assessment-ready output

NIST 800-171A mapped at the assessment-objective level — 300+ of 320 objectives across all 110 controls — to live, signed telemetry. Every fact is producer-signed and Merkle-anchored; an independent verifier lets your assessor re-check the evidence themselves. SSP and POA&M render from the evidence, not over it.

  • 800-171A objective-level mapper (300+ of 320)
  • Append-only, signed, Merkle-anchored evidence bus
  • Independent verifier — assessor-runnable, no trust required
  • Hardware-backed people-signing on adopted policies (WebAuthn)
  • POA&M + SSP rendered from live evidence · C3PAO package
MODULE 08 // FUTURE STATE · SHIELDGATE
Multi-Site SOC Layer
Cross-client correlation · Supply chain visibility · Coming 2027

ShieldGate aggregates signals across multiple AEGIS deployments — correlating threat patterns across the supply chain, sharing anonymized IOCs between DIB clients, and providing cross-site anomaly detection that no single deployment can see alone.

  • Cross-client beacon correlation
  • Anonymized IOC sharing between clients
  • Supply chain threat pattern detection
  • Aggregate CMMC posture reporting
  • Available to Manage + Full Service clients

Start where you are.
Build to where you need to be.

Profile A
STARTER
Visibility, perimeter hardening, and identity controls. The foundation every DIB shop needs before anything else.
M01 — Intelligence-Driven Visibility
M02 — Perimeter Hardening
M03 — Identity & Access Control
M07 — Compliance Engine
CMMC Level 2 Coverage
~65%
Profile C
ADVANCED
All modules. Full CMMC Level 2 coverage. Human-curated monitoring tuned to your specific sector.
M01 through M07 — All Modules
M05 — Threat Intelligence active
Priority access to M08 ShieldGate
Quarterly executive briefing
Assessment preparation included
CMMC Level 2 Coverage
~95%+

From first call to
running appliance.

01
Network Readiness Interview
30–45 minute remote call. We walk through your network, endpoints, policies, and CMMC posture. No charge. No obligation.
// FREE · SAME-DAY SUMMARY
02
Readiness Report & Proposal
A one-page readiness summary delivered before you leave the building — traffic light findings across all 14 CMMC domains, top three priorities, fixed-price proposal.
// DELIVERED SAME DAY
03
Deployment Day
On-site installation — appliance or VM, network tap configuration, host agent enrollment on all endpoints. Ansible-automated, documented, and tested before we leave.
// TYPICALLY 1 DAY ON-SITE
04
Ongoing Service
Monthly compliance reports, alert triage, POA&M updates, and remediation support. You get evidence. You get visibility. You get compliance momentum.
// MONTHLY RECURRING

Recurring service.
Predictable cost.

All tiers require a one-time Phase 1 deployment engagement. Pricing shown is for ≤15 endpoints — scales with environment size. Triangle / Triad area on-site included.

Monitor
from $500/mo
Eyes and evidence. You own remediation. Best for shops with in-house IT who need compliance coverage and network visibility without hand-holding.
  • AEGIS appliance operation + health monitoring
  • Monthly CMMC compliance report (HTML + PDF)
  • POA&M tracking — advances and regressions flagged
  • Monthly alert triage summary
  • Quarterly check-in call
  • Email support — 2 business day response
  • Quarterly Ansible stack updates
≤15 EP: $500  |  16–35 EP: $625  |  36–50 EP: $750
Full Service
from $2,500/mo
SND drives the compliance program. Best for shops with active DoD contracts and near-term CMMC assessment deadlines.
  • Everything in Manage
  • Weekly alert review with written summary
  • Unlimited remote remediation support
  • Two on-site visits per quarter
  • SSP maintenance — kept current
  • POA&M actively worked by SND
  • CMMC mock assessment walkthrough
  • Annual executive briefing
  • Priority phone — 2 business hour response
≤15 EP: $2,500  |  16–35 EP: $3,000  |  36–50 EP: $3,500

Built different.
On purpose.

20+ years of enterprise infrastructure. Former sole global escalation engineer for SolarWinds ThreatMonitor. Deep Cisco, DNS, and network behavioral analysis expertise. Not a platform vendor. Not a staffing firm. A consultant who has been inside these networks and knows what breaks.

AEGIS-DIB is built on open-source components — Zeek, Suricata, RITA — deployed via Ansible to hardware you own, in your facility, under your control. No vendor lock-in. No cloud dependency. No telemetry leaving your network. When the SaaS platform goes down, your security keeps running.

  • Others
    Cloud-analyzed EDR
    SND
    On-box processing, zero cloud
  • Others
    Endpoint-only visibility
    SND
    Full network + endpoint layer
  • Others
    Generic threat feeds
    SND
    DIB-specific, human-curated
  • Others
    Compliance is a checkbox
    SND
    Signed, verifiable evidence
  • Others
    Vendor lock-in
    SND
    Open source stack you own
  • Others
    OT devices invisible to EDR
    SND
    Network layer sees everything
// Network Readiness Interview

Know where
you stand.

A free 30–45 minute call. We walk through your network, your endpoints, your policies, and your CMMC posture. You get a one-page readiness summary — traffic lights across all 14 CMMC domains, top three priorities, and a clear picture of what November 2026 looks like from where you are today. No charge. No obligation. Delivered same day.

Schedule Your Free Interview
Triangle / Triad area · Remote interviews available anywhere in the US
info@standalonedefense.com  ·  Standalone Network Defense LLC  ·  Raleigh, NC