CMMC L2 Simplified: Audit Readiness Leads to Certification

Shipping & Logistics | CMMC | NIST

With a flawless 100% score in CMMC Level 2 certification, our team has streamlined security and compliance operations—demonstrating that even a small, focused group can uphold the highest standards while driving global business success.

DT Gruelle transformed its cybersecurity program, achieving CMMC Level 2 certification and enhancing its overall security posture. The company is better positioned to win and fulfill government contracts with confidence, while staying ahead of rigorous security standards for Department of Defense service providers. 

Customer Snapshot 

Company: DT Gruelle 

Industry: Freight Logistics & Supply Chain Management 

Website: dtgruelle.com 

DT Gruelle is a global freight logistics company specializing in optimizing supply chains for efficiency, cost reduction, and risk management. Their services include international freight forwarding, customs brokerage, and logistics strategy consulting. As they expanded into government contracting, the need for robust cybersecurity compliance became a critical business priority. DT Gruelle sought to meet stringent Cybersecurity Maturity Model Certification (CMMC) Level 2 requirements to position itself for larger government contracts, while ensuring overall resilience in its security posture. 

 

Situation

As D.T. Gruelle moved toward handling Controlled Unclassified Information (CUI) for government contracts, it faced a cybersecurity maturity gap that required external expertise to achieve CMMC compliance. Their challenges included: 

  • No internal cybersecurity team: D.T. Gruelle’s staff managed a broad range of logistics and IT responsibilities but had no dedicated cybersecurity personnel to keep pace with evolving security requirements. Cybersecurity management and compliance were outsourced to Seiso, with other partners providing IT and security support. 
  • Evolving risk management processes: D.T. Gruelle recognized the need to strengthen its approach to vendor risk assessments, vulnerability management, and security governance as part of its broader compliance efforts. 
  • IT resource constraints: D.T. Gruelle’s internal team was lean, balancing logistics operations while seeking to enhance security capabilities in alignment with regulatory expectations. 
  • Maturing beyond initial controls: D.T. Gruelle had successfully implemented initial CMMC controls but recognized the need to raise its cybersecurity maturity to match evolving regulatory requirements and market expectations. This meant improving documentation, refining risk management practices, and ensuring the compliance framework could scale over time. 
  • Readiness for formal assessment: To bid on government contracts, D.T. Gruelle needed a CMMC-compliant enclave for securely handling CUI, so that the assessment scope could be limited to the designated part of its infrastructure rather than the entire company network. 

Without external expertise, achieving compliance within a reasonable timeframe would have been prohibitively difficult.  

 

Solution 

Seiso implemented a comprehensive set of cybersecurity program enhancements specifically designed to prepare D.T. Gruelle for CMMC Level 2 standards. The engagement included: 

 

1. Cybersecurity Program Development and Governance (vGRC Services) 

Seiso established and now maintains D.T. Gruelle’s virtual governance, risk, and compliance (vGRC) function, ensuring continuous adherence to CMMC requirements. Its activities include: 

  • Annual control gap assessments: Identify gaps and create Plans of Action and Milestones (POA&Ms) for non-compliant areas. 
  • Risk management governance: Monthly risk committee meetings to assess emerging threats, discuss critical risks, and track mitigation progress. 
  • Asset-based risk assessments: Annual evaluation of D.T. Gruelle’s security risk posture, used to prioritize improvements. 
  • Vendor risk management program: Structured vendor risk assessments to evaluate supply chain security and compliance with CMMC guidelines, including:  
    • A fully developed, comprehensive vendor risk management framework to assess, monitor, and mitigate risks associated with third-party suppliers.  
    • Vendor security questionnaires with risk rating methodologies, and periodic reassessments to align with evolving CMMC standards.  
    • Evaluation and selection recommendations of vendors with strong security postures. 
    • Client-vendor integration to ensure compliance across the supply chain. 
  • Governance documentation updates: Annual reviews and updates to security policies, procedures, and governance frameworks. 

 

2. CMMC Level 2 Compliance and Security Control Alignment

Seiso guided D.T. Gruelle through the structured process of preparing for CMMC Level 2 certification, which requires implementing all 110 security practices drawn from NIST SP 800-171: 

  • Creation of a CMMC-compliant enclave: Worked closely with D.T. Gruelle’s Managed Service Provider (MSP) to establish a dedicated security enclave where CUI would be stored and processed, keeping CUI out of the rest of the corporate environment. 
  • Technical control evaluation and remediation: Conducted a full audit of D.T. Gruelle’s security controls, recommending necessary changes and updates to align with CMMC requirements. 
  • Coordination with the CMMC Third-Party Assessor Organization (C3PAO): Supported D.T. Gruelle in preparing for its formal CMMC assessment by authorized external assessors, ensuring all compliance documentation, control implementation, and security evidence were in place before the assessment. 

 

3. Security Testing, Awareness, and Training 

Beyond compliance, Seiso provides ongoing managed security services to sustain D.T. Gruelle’s cybersecurity posture: 

  • Annual penetration testing: Seiso conducts penetration tests to assess system security and uncover vulnerabilities before adversaries can exploit them. 
  • Incident response tabletop exercises: Annual simulated attack scenarios test D.T. Gruelle’s incident response plan, with playbooks developed for different classes of cyber threat. 
  • Security awareness training: Seiso designed and delivered annual cybersecurity training covering phishing prevention, insider threats, ransomware defense, and secure handling of CUI. 
  • Physical security walk-throughs: On-site evaluations verify that physical access controls and facility protections match the documented security procedures. 

 

Results  

Seiso’s engagement enabled D.T. Gruelle to achieve CMMC Level 2 Certification, laying the foundation for expanded government contracting opportunities. Key outcomes include: 

  • Achievement of a mature, structured security program: D.T. Gruelle moved from an informal, ad hoc security posture to a fully managed, continuously audit-ready, CMMC Level 2 compliant Information Security Management System (ISMS), supporting long-term compliance and risk mitigation. 
  • Significant risk reduction: With monthly security governance and vendor risk assessments, D.T. Gruelle improved risk visibility and response capabilities, strengthening resilience against cyber threats. 
  • Improved security awareness and operational readiness: Through security awareness training and annual incident response exercises, D.T. Gruelle’s team is now equipped to identify and respond to cyber threats effectively. 
  • Streamlined compliance management: The structured governance framework reduced the internal burden of cybersecurity management, allowing business leaders to focus on operations while maintaining security best practices. 

 

Ready to Simplify Your Security Compliance?

Do you need to show your clients that you have an effective information security program, or have you committed to obtaining an ISO 27001 certification, CMMC certification, HIPAA compliance, or SOC 2 attestation? Seiso works with growing companies to meet the challenge.

 

Get in touch to simplify your highly regulated industry security compliance journey.