Why is Newport News a government-contracting hub?

Newport News is home to Newport News Shipbuilding, the sole designer and builder of U.S. nuclear-powered aircraft carriers and one of two builders of nuclear submarines for the U.S. Navy. The supplier network around that prime, plus Naval Station Norfolk and the Norfolk Naval Shipyard in Portsmouth, concentrates the densest cluster of DoD and federal subcontractors in Virginia.

Do all DoD subcontractors need CMMC Level 2?

Most do. CMMC Level 2 applies to contractors that handle Controlled Unclassified Information. Subcontractors that handle only Federal Contract Information may fall under Level 1. The DoD contract or the flow-down clause from a prime specifies the required level. We confirm the level during the Helix Pulse before scoping a readiness engagement.

Do you certify our CMMC compliance?

No. We score your readiness, write the gap list, and ride the remediation. Your C3PAO certifies. We are honest about that line: a consultant who tells you they can both prepare and certify the same engagement is selling you a conflict of interest. We get you ready; the assessor signs.

Industry · Government Contracting

Government contracting: CMMC-ready before the audit floor.

You sell to a prime, or to a tier-2 who sells to a prime, and the email arrived three months ago: prove your CMMC posture before the next contract option year. The clock is on, the flow-down language is dense, and your IT person handles the laptops, not the audit floor.

Newport News is the densest concentration of tier-2 and tier-3 defense suppliers in Virginia, and Hampton Roads is one of the densest concentrations of defense buyers in the country. Newport News Shipbuilding builds and refuels every aircraft carrier in the fleet; Naval Station Norfolk is the largest naval base in the world; Norfolk Naval Shipyard runs the heavy maintenance for the Atlantic Fleet. The suppliers that feed those installations run $2M to $50M in revenue with 10 to 200 employees.

The IT pain here is not laptops or printers. It is Controlled Unclassified Information sitting in a commercial Microsoft 365 tenant the DoD will not accept, DFARS 252.204-7012 flow-down language coming down from primes your contract manager has never had to enforce, and a SPRS self-assessment score nobody on staff knows how to calculate honestly.

Secured server and storage array in a controlled data environment

Where it usually hurts

Key concerns in this sector.

CMMC Level 1 and Level 2 readiness

Scored before the C3PAO sees you. The gap list comes first, the audit comes second. We get you ready; the assessor signs.
NIST 800-171 control-by-control gap analysis

In writing, owners assigned. Not a spreadsheet you inherited from the last consultant.
DFARS 7012, 7019, 7020, and 7021 flow-down exposure

Your prime flowed the clauses down. We map your obligations to your control list and tell you what to negotiate before the next renewal.
CUI handling and the SPRS score

Where the Controlled Unclassified Information actually lives, and an honest SPRS self-assessment your contract manager can defend.
Audit-trail and policy stack a Level 2 assessment asks for

Stood up, maintained, and ready. The day the assessor arrives should be uneventful.

Services we apply here

How we engage in this sector.

You can have the number by Friday.

The Pulse is free, sixty minutes, and the only thing you walk out with is your CTGA score and the three gaps that cost you the most. If we are not the right fit, you keep the score and we both move on.

Book Your Free Pulse See the 30-day roadmap

Government contracting: CMMC-ready before the audit floor.

Key concerns in this sector.

CMMC Level 1 and Level 2 readiness

NIST 800-171 control-by-control gap analysis

DFARS 7012, 7019, 7020, and 7021 flow-down exposure

CUI handling and the SPRS score

Audit-trail and policy stack a Level 2 assessment asks for

How we engage in this sector.

You can have the number by Friday.