The Challenge
An existing defense contractor customer at $250K annually was approaching their CMMC Level 2 assessment deadline. They were using our basic MFA product but needed additional capabilities to meet the full authentication and access control requirements of the CMMC framework. They were evaluating purchasing supplementary tools from other vendors to fill the gaps.
The Approach
I offered to conduct a complimentary CMMC readiness assessment focused specifically on the authentication and access control practices assessed at Level 2. The assessment identified four specific control gaps that could be addressed by our advanced modules: conditional access policies, privileged access management, session management, and continuous authentication.
For each gap I provided a detailed mapping showing the CMMC practice, the current state, the required state, and how our specific module addressed the requirement. I also included a professional services component for implementation, configuration, and documentation preparation for the CMMC assessment.
The Result
The customer expanded by $450K — $300K in additional product modules and $150K in professional services. The expansion was funded from their CMMC compliance budget rather than their IT security budget, which meant it did not compete with other priorities. They passed their CMMC Level 2 assessment on the first attempt, and the compliance officer specifically credited our solution and advisory support.
Key Takeaway
Compliance requirements create expansion opportunities within existing accounts. When you can map your additional product modules directly to specific compliance gaps, the expansion sells itself. The key is providing advisory value that helps the customer see exactly where they stand and what they need.
Get new posts in your inbox
No noise. Tactical field notes when something worth sharing comes up.