CMMC 2.0 readiness for the Defense Industrial Base

Get to assessment-ready before the contract clock runs out.

We help DoD subcontractors prepare for CMMC Level 1 and Level 2 assessment, build the documentation auditors actually accept, and maintain the SPRS score that keeps the contract.

Our point of view


Living Compliance over checkbox security.

Compliance written once and shelved fails its first real test.

We build cybersecurity programs that live in the day-to-day — policies people actually follow, evidence that's continuously collected, and a posture that's defensible the day a customer, an assessor, or an incident shows up.

That's the Living Compliance Framework. It's how we work, on every engagement.

Scope honesty


LED Defense is a CMMC consulting practice. We help contractors prepare for assessment.

We are not a C3PAO. Certification assessments are conducted by Cyber AB-authorized assessors. We work alongside them — getting your environment, documentation, and evidence ready before the assessor arrives.

Frameworks we work to


The regulations we live in.

  • CMMC 2.0

    Level 1 (Federal Contract Information, 17 practices) and Level 2 (Controlled Unclassified Information, 110 practices).

  • NIST SP 800-171 Rev 2

    The current 110-practice baseline. Tracking Rev 3 as it rolls out.

  • DFARS 252.204-7012

    Safeguarding covered defense information and cyber incident reporting.

  • DFARS 252.204-7019, -7020, -7021

    NIST 800-171 assessment requirements and the CMMC assessment clause.

  • FAR 52.204-21

    Basic safeguarding of covered contractor information systems.

  • NIST SP 800-53 Rev 5

    Where the engagement touches federal information systems.

What we deliver


Concrete artifacts. Defensible decisions.

  • CMMC scoping and boundary definition

    What is in scope, what is not, and how to draw the line defensibly.

  • Gap assessments

    Control-by-control mapping against NIST SP 800-171, with prioritized remediation.

  • System Security Plan (SSP) authorship

    The document the assessor reads first.

  • POA&M development

    A Plan of Action and Milestones for any open gaps — written to be closeable.

  • SPRS score calculation and roadmap

    Current state, target state, and the path between.

  • Evidence collection and policy library

    The artifacts that prove the practices are real.

  • Pre-assessment readiness reviews

    A dry run before the C3PAO arrives.

  • Ongoing compliance maintenance

    Living Compliance, kept alive between assessments.

Who we work with


Tier 2 and Tier 3 DIB subcontractors.

The companies that don't have a full-time compliance team and just discovered a CMMC clause in a flow-down. Engagements range from a one-off gap assessment to a multi-quarter readiness program.

Founder


Seth Ledbetter

Founder and Principal

Aerospace and defense enthusiast with strong roots in the Defense Industrial Base, drawn to edge technology and the mission of enabling the warfighter. Founded LED Secure Infrastructure on a single conviction: DIB contractors deserve a Living Compliance Framework, not checkbox security.

Credentials: CompTIA Security+

Contact


Schedule a 30-minute consultation.

We'll review your contract requirements, current posture, and the highest-leverage place to start.
