The challenge
Millbrook Machine is a precision machining shop that produces components for defense supply chains. Like many small manufacturers in the defense industrial base, they run a lean operation: a small IT footprint, production machines sourced from multiple countries, and network equipment chosen for reliability and cost, not enterprise security.
Their network runs on MikroTik routers and switches. Their production floor includes CNC machines and machining centers from foreign manufacturers. Their office systems handle Federal Contract Information (FCI) that falls under CMMC Level 1 requirements.
The compliance requirement was straightforward: implement the 17 practices in CMMC Level 1 to keep bidding on DoD contracts. The reality was more complicated.
The foreign-sourced production equipment raised supply chain risk questions. The MikroTik network infrastructure, while functional, had no built-in segmentation or access control at the level CMMC requires. And Millbrook, like most shops its size, does not have a dedicated IT security team.
They needed a way to get CMMC Level 1 compliant without ripping out their existing infrastructure or hiring a security engineer.
The solution
Trout deployed an Access Gate One appliance at Millbrook's facility, connecting it inline to their existing MikroTik network. No replacement of routers or switches. No reconfiguration of the existing topology.
The Access Gate provided three things Millbrook's network was missing:
Visibility across IT and OT. Passive discovery mapped every device on the network, including office workstations, servers, printers, and every production machine on the shop floor. Millbrook now has a complete asset inventory, including the foreign-sourced CNC equipment, with communication flows documented.
Segmentation between IT and production. The Access Gate created overlay-based segmentation between the office network (where FCI is handled) and the production floor (where foreign-manufactured machines operate). This separation addresses both the CMMC access control requirements and the supply chain risk concern: production machines from foreign sources cannot reach FCI-handling systems.
Access control and audit logging. Identity-based access policies control who can reach what. Every connection is logged. The audit trail satisfies CMMC Level 1 practices for access control, identification and authentication, and system protection.
The deployment took 4 days on-site. Day one: physical installation and network discovery. Day two: asset classification and zone definition. Day three: policy creation and enforcement. Day four: validation, documentation, and handoff.
Results
Millbrook achieved CMMC Level 1 compliance in 4 working days. Their MikroTik network is still in place. Their production machines are still running. The difference is that FCI is now confined to a controlled environment with segmentation, access control, and a full audit trail.
The foreign-sourced production equipment is isolated from FCI-handling systems at the network level. If a CNC controller is compromised, it cannot reach the office network where contract information lives.
Millbrook can now demonstrate compliance to primes and to DoD without having replaced their network infrastructure or hired dedicated security staff. The Access Gate runs alongside MikroTik, not instead of it.