grey exit X
Take a personalized
self-guided tour
Your Company
fulcrum browser interface
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Ben Sheats, CTO
June 3, 2026

Built for defense work: Fulcrum and CMMC 2.0

Fulcrum's CMMC 2.0 Level 2 certification is underway with a C3PAO and dates set. Here's the timeline, the architecture behind it, and the evidence your assessor will want.

If you run a shop with defense work, you've probably been given a lot of conflicting answers about what your software needs to do to keep you compliant. Here's a straight one about where Fulcrum actually is.

We're in certification now

Fulcrum is going through CMMC 2.0 Level 2 certification, with a C3PAO and dates on the calendar:

  • Our C3PAO is Align A Line.
  • Initial assessment: week of July 7, 2026.
  • Full audit: week of August 17, 2026.
  • Target certificate: early September 2026.

We've been preparing for months with our compliance consultants: gap analysis, POA&M cleanup, and control documentation. The July assessment is Align A Line walking through what we have. Anything they flag, we fix in the weeks before the full audit. The goal is to be at 100% before they walk in.

If you're a current or prospective customer and your assessor wants an attestation that we're under active assessment, we'll send the letter from Align A Line directly. Just ask your account manager.

What your data actually runs on

Our entire CMMC environment runs inside Azure Government. A few specifics that matter for an assessor:

  • One database per tenant. Your data sits in its own database, not commingled with anyone else's.
  • Files and documents, where CUI is most likely to land, sit in encrypted storage with keys held in Azure Key Vault.
  • No public route. The application has no publicly addressable path and sits behind a web application firewall in prevention mode.
  • Scoped access. Customers log in using a username and password with multi-factor authentication (MFA), with no identity inside our environment and no way to reach a cloud resource directly.
  • AI stays in the enclave. AI features in this environment use models hosted inside Azure Government. Your data never leaves the enclave to reach a public model.

What this means for your own audit

If you're heading into your own CMMC assessment, here's what we can put in your hands. Ask your account manager:

  • An attestation letter from Align A Line confirming we're under active assessment, with the dates.
  • A Customer Responsibility Matrix that maps each NIST 800-171 control to whether responsibility sits with Fulcrum, with you, or is shared. Bring this to your assessor early.
  • A working session with our team if your assessor has specific questions. We'd rather be on the call than leave you to answer for us.

Once we have our certificate, you'll get that too, as supporting evidence for your own assessment.

Transcript

The bottom line

CMMC 2.0 certification is in motion, with a real C3PAO and dates on the calendar. Your data runs entirely inside Azure Government. We're not going to oversell where we are, and we're not going to hold you back.

If you want our Customer Responsibility Matrix or a working session on the architecture, email me at ben@fulcrumpro.com.

New to Fulcrum? Schedule a demo.
We Said We’d Move FasterWe Said We’d Move Faster
We Don’t Need Tariffs. We Need Better Infrastructure for U.S. Manufacturers.We Don’t Need Tariffs. We Need Better Infrastructure for U.S. Manufacturers.
Connect 2026: Fulcrum Customers are Building Their Own SoftwareConnect 2026: Fulcrum Customers are Building Their Own Software
+1 (612) 502-0050
Youtube logo
The Twitter logo, a small bird.
The Linkedin logo.
The instagram logo.
The Facebook logo.
Get UpdatesFulcrum Series A2
Product
Job TrackingJob SchedulingJob CostingGrouped WorkQuotingPurchase PlanningQuality ControlInventoryLive ReportsFinanceBOM & RoutingShipping & ReceivingDemand Planning
Explore
LaunchIntegrationsWhy FulcrumSheet Metal FabricationPrecision MachiningOperations LeaderProduct Updatesfulcrum  x AS9100 MatrixTest Drive
Switch
ProShopJobBOSS² / E2Global Shop
Resources
BlogContactDemoCareersPrivacyAPI Docs