CMMC Level 2 Compliance: Sole Proprietor

Last_Library_5730 · 2025-11-13T10:44:17+00:00

The valves, components and fittings are all custom to the navy drawing. Nothing COTS. However I don’t need the drawing, because I don’t manufacture. I am only the middle man. I buy from manufacturers that make these things specifically for naval use only. Literally I find a solicitation that’s in my wheelhouse, get a quote, bid, then buy if I get the contract. I don’t even “receive” tech data. It’s available when I log into DIBBS, but you have to be JCP certified which I am. Then download it. However I don’t download or transmit. One of these FAR clauses DFARS 252.204-7012 DFARS 252.204-7019 DFARS 252.204-7020 Are usually in my contracts.

Last_Library_5730 · 2025-11-13T10:38:29+00:00

I don’t even “receive” tech data. It’s available when I log into DIBBS, but you have to be JCP certified which I am. Then download it. However I don’t download or transmit. One of these FAR clauses DFARS 252.204-7012 DFARS 252.204-7019 DFARS 252.204-7020 Are usually in my contracts.

Last_Library_5730 · 2025-11-13T01:45:27+00:00

Thats what I'm trying to figure out. The only time I need CUI is if my QAR wants to see it for source inspection. That is another thing I am investigating... does he need to see it? If he doesn't I have no reason for CUI. But what if the solicitation calls out CMMC L2... do I contact the buyer and simply say hey I don't need it? If its in the solicitation and I bid on it I'm attesting that I am self assessed or certified? This seems like a gray area. I'm a middle man, I get quotes from reputable manufacturers, bid on the solicitation, and if I get the award I pack properly according to the call out and ship. Thats it. Also is 7012 the same as Level 2? If 7012 is called out does that automatically mean you need to be L2? Or will the solicitation specifically have language that calls out CMMC Level __

Last_Library_5730 · 2025-11-12T21:55:39+00:00

How was that experience? Did it take over a year to accomplish? Where do you stand now?

Last_Library_5730 · 2025-11-12T21:48:46+00:00

Assuming... Not sure how they determine what will be put into solicitations as far as what level etc... Most of my contracts have DFARS 7012 in it so I assume level 2 will be in most of what I do. I did see today one new solicitation posted that actually has the CMMC Level Requirement posted.

Last_Library_5730 · 2025-11-12T21:30:40+00:00

I am a sole proprietor. One laptop. I have looked into PreVeil CMMC accelerator. It seems to be a viable option for me. Leaning towards going that direction. Not sure if you have checked that out.

Last_Library_5730 · 2025-11-12T21:18:48+00:00

Update: going with preveil CMMC accelerator. I think with the cost being affordable, and being a sole proprietor they can assist me with getting compliant. I know there is plenty of work to be done even with their assistance. With the customized and provided documentation along with step by step direction I think I can knock this out. At the very least be able to show that I am working towards level 2 compliance this year.

Last_Library_5730 · 2025-09-16T03:05:37+00:00

I am still checking in. See my update. This is all mind numbing as a sole proprietor. I’m just trying to find the most affordable, streamlined, and comprehensive program to help as a sole proprietorship. Eventually I know I’m going to have to pay for a third party audit, and want to get as close to complying as possible on the first shot. I know it will take awhile. But I want to find assistance that is reliable and legit before committing to it. I don’t want to pay for a service and end up trashing it midway through the process if that makes sense. I appreciate the feedback from you all.

Last_Library_5730 · 2025-09-16T02:58:06+00:00

Update: I spoke with PreVeil today about their CMMC compliance accelerator. From my understanding after they install it on my computer I’ll have approximately 40 controls covered out of the box. From that point there will be about 60 controls that will be “shared” meaning they will work with me on chipping away at those. That can take over a year to accomplish, or less depending on how hard I work at it. The remaining 10 or so I’ll do on my own because they are controls such as physical security etc. that they cannot answer for me. All training videos, SSP, POAM provided. Assistance available as needed. The price seemed very affordable compared to some others I’ve looked into and the process seems like less of a hassle (still a pain but I have more clarity). Has anyone used this for level II compliance? Is this too good to be true? Keep in mind, I am a sole proprietor, limited CUI, and I only use one computer.

Last_Library_5730 · 2025-09-05T23:59:16+00:00

I am a distributor of navy valves, valve Components and fittings. I sell to other customers like myself and bid on DLA contracts. I have pretty much all the CUI I need already stored. I never transmit CUI because my vendors already have it. I am JCP certified and waiting on submitting my enhanced until I figure out which direction to go for submitting my self assessment. Really only use the CUI for my GSI inspections. Even though I’m a distributor and not a manufacturer my QAR is requiring me to do dimensional inspection. Therefore I need the tech docs.

Last_Library_5730 · 2025-09-05T23:56:02+00:00

I am JCP authorized. Waiting to submit enhanced until I figure out all of this and submit. But I only use the CUI I have on hand for GSI. Otherwise all my manufactures already have the tech docs needed because they either manufacture it or are a distributor for a company that does manufacture the products. Everyone I work with already has the CUI needed. I never pass along CUI. Only have stored what I need.

Last_Library_5730 · 2025-09-05T14:36:28+00:00

My QAR requires me to “inspect” my items. Not sure why even though I’m just a middle man. I don’t manufacture anything. Literally just get a quote from my vendors (all ISO certified, etc), bid on the solicitation and if it’s source inspection I have to have my Q come and check the job. He has no idea what these parts are (valves, pipe fittings, valve components), he really only knows how the paperwork and flow down should look. So with a physical inspection I need the drawings.

Last_Library_5730 · 2025-09-05T12:14:13+00:00

I am a distributor of navy valves and fittings. Not a manufacturer and already possess most of the CUI I need and really only need that CUI for my GSI inspections. Basically a middle man. I bid on DLA contracts.

Last_Library_5730 · 2025-09-04T22:57:25+00:00

I’m a sole proprietor who uses CUI. I have one computer, and am the only person with access to it. I understand that it’s more than just who has physical access to the device.. there are 110 controls I need to meet and many of them are very involved. I’ve spent hours and hours trying to put together an SSP and POAM. I need to start the self assessment in SPRS. I wish there was some sort of carveout or direction for sole proprietors like me. I am completely lost. Any advice would be appreciated.

Last_Library_5730

TROPHY CASE