Reflections on Achieving a 110/110 CMMC 2.0 Audit Score
Sat 14 February 2026 by Patrick Pierson
The road to CMMC 2.0 Level 2 compliance is often described as a marathon, but for those of us in the trenches of federal IT, it felt more like a gauntlet. After months of late-night troubleshooting, documentation marathons, and technical hardening, I’m proud to share a major milestone: we’ve officially completed our audit with a perfect score of 110/110.
Beyond the "Compliance Box"
Reaching a 110 isn’t just about administrative due diligence; it’s a validation of the technical architecture I’ve spent the last several years refining. Throughout this process, my goal was never just to "pass" the audit; it was to build a functional, resilient fortress for Controlled Unclassified Information (CUI).
Compliance on paper is one thing, but ensuring that security controls actually work without hindering the mission is where the real challenge lies.
The Technical Pillars of Success
Achieving full marks across all NIST SP 800-171 controls required a deep dive into every corner of our environment. A few key areas that were critical to this success include:
Zero Trust in Practice: We leaned heavily into Microsoft Entra ID and Intune to move beyond the traditional perimeter. Proving that "Zero Trust" was a daily reality for every endpoint, not just a buzzword, was essential.
Visibility & Detection: Fine-tuning tools like Microsoft Defender and our Managed Security Service Provider VigilantSec (https://vigilantsec.net/) allowed us to demonstrate the proactive monitoring capabilities auditors demand. Being able to see, log, and react to threats in real time was a cornerstone of our 110 score.
Infrastructure Integrity: From managing LUKS-encrypted Ubuntu servers to hardening our cloud footprint, every technical control was mapped directly to a requirement.
A Mission-First Perspective
Having served in Operation Iraqi Freedom, I’ve always viewed IT through the lens of mission readiness. Securing the Defense Industrial Base (DIB) feels like a natural continuation of that service. Passing this audit with a perfect score is more than a professional win—it’s a guarantee to the warfighters we support that their data is in safe hands.
The Finish Line is Just a New Starting Block
A perfect score is a great milestone, but in the world of cybersecurity, the work is never truly "done." The 110 reflects our status today, but the threat landscape of tomorrow is already shifting. The focus now moves from attaining compliance to sustaining it, ensuring our security culture remains as robust as the systems we’ve built.