Riverside Research, a national security nonprofit, focuses on rapid prototyping and aims to bridge commercial industry technologies with government mission needs. Their agility and customization allow them to provide innovative solutions tailored to specific problem sets. As the DoD increased its emphasis on cybersecurity, Riverside Research faced significant challenges in aligning its processes with the emerging Cybersecurity Maturity Model Certification (CMMC) standards. From a cybersecurity perspective, Riverside Research was keen to reduce ad hoc and undocumented processes, enhance standardization, and improve documentation of procedures. The scoping for CMMC compliance, including the classification of assets and data, presented a considerable challenge. Additionally, navigating the complex landscape of compliance requirements, such as DFARS clauses and CMMC rulings, demanded a strategic approach.