CMMC in a Day? NtelSec’s “Enclave” Approach to Fast-Track Compliance Artwork

Recklesss Compliance

A Federal Security & Compliance career is a very rewarding career - we get the honor and privilege of protecting some of the most guarded assets of our great country. However, it doesn’t come without a cost. We often take the brunt of the beating when it comes to the regulations that are impeding innovation.

Join federal security professional Max Aulakh as he distills the challenges facing our career field, pulling back the curtain on culture, emerging technical knowledge, ATOs, CMMC and various federal cyber frameworks.

Each episode is jam-packed with powerful information to cut through the noise. We will break down tools, tips and techniques to help you get better and to quickly get through the federal accreditation processes. It doesn’t matter what type of systems or technology you are dealing with, if you have heard of or are familiar with terms like STIGS, SAP, SAR, FedRAMP, and ConMON or newer terms like cATO, Big Bang, OSCAL, CMMC and SBOMs - we will break it all down.

All Episodes

Recklesss Compliance

CMMC in a Day? NtelSec’s “Enclave” Approach to Fast-Track Compliance

October 10, 2025 • Max Aulakh • Season 1 • Episode 16

Send us a text

In this episode of the Reckless Compliance podcast, Max talks with Justin Paquette from NtelSec about a bold idea: helping small contractors achieve “CMMC in a day” by working inside a pre-secured enclave—CUI Vault—instead of overhauling their entire enterprise. Justin explains how NtelSec’s government collaboration platform SectorNet (which recently achieved FedRAMP Readiness) informed the commercial offering, and why treating the provider as a cloud service (CSP)—not a managed service (MSP)—can slash cost and complexity.

They dig into the nuts and bolts: scoping to an enclave in SPRS, leveraging a customer responsibility matrix for shared controls and inheritance, and how pairing a standard architecture with repeatable audits (through partners like Ignyte) drives costs down. Justin also shares when an enclave is not the right fit, practical pricing discussed on the show, and candid advice for first-time federal sellers facing slow cycles and limited resources.

Discussion Topics

The problem: small businesses priced out of CMMC by enterprise-wide overhauls
CSP vs. MSP models: why “use our compliant system” beats “we build yours” for SMBs
Tight scoping: Enclave vs. Enterprise vs. Contract selections in SPRS/PIEE
Process walkthrough: L1 self-attestation vs. L2 with provided SSP and artifacts
Partnerships with auditors (incl. Ignyte) to make assessments repeatable and lower-cost
Who it’s for (and not): email/docs with FCI/CUI vs. large programs with bespoke needs
Practical tips for newcomers to the federal market (expectations, cash burn, timelines)

Max Aulakh Bio
Max is the CEO of Ignyte Assurance Platform and a Data Security and Compliance leader delivering DoD-tested security strategies and compliance that safeguard mission-critical IT operations. He trained and excelled while serving in the United States Air Force, maintaining and testing InfoSec and ComSec functions for global unclassified and classified networks.

Connect with Max
LinkedIn: Max Aulakh
Website: Ignyte Assurance Platform

Guest Bio
Justin Paquette (NtelSec) builds secure collaboration and compliance solutions including SectorNet for government–industry engagement and CUI Vault for enclave-based CMMC workflows. His background spans large federal IT programs and practical, security-first SaaS delivery.

Connect with the Guest
LinkedIn: Justin Paquette

Resources Mentioned (in-episode)

NtelSec SectorNet (government collaboration portal)
CUI Vault (enclave offering for CMMC)
SPRS / PIEE self-attestation flows (enclave vs. enterprise)
CMMC Level 1 & Level 2 considerations
Microsoft 365, VDI, ID.me (identity), Customer Responsibility Matrix
GCC High (contextual comparison mentioned)

[00:00:00] Max Aulakh: Welcome to Reckless Compliance Podcast, where we learn about unintended consequences of federal compliance brought to you by ignyteplatform.com. If you're looking to learn about cyber risk management and get your product into the federal market, this podcast is for you. Or, if you're a security pro within the federal space looking for a community, join us. We'll break down tools, tips, and techniques to help you get better and faster to get through the laborious federal accreditation processes. It doesn't matter what type of system or federal agencies you're dealing with. If you've heard of confusing terms like ATOs, FedRAMP, RMF, DISA Stigs, SAAB SARS, or newer terms like CATO, Big Bang, OSCAL, and SBOMs, we'll break it down all one by one. And now, here's the show.

[00:00:42] Max Aulakh: Hello everyone. My name is Max Aulakh. I'm the host of Reckless Compliance. Today we've got a pretty exciting topic considering the final rule for CMMC is out, That's getting published tomorrow. So today we've got Justin Paquette from Ntelsec.

[00:01:05] Max Aulakh: We're gonna learn a lot about their technology and their FedRAMP journey and also what motivated them. So without further ado, Justin welcome. Thank you for being here. Would love a background from you, man. So tell our audiences about a little bit about yourself and the story.

[00:01:22] Justin Paquette: Yeah, I mean, background in software development spent, a very long time as a government contractor building out some pretty large IT cloud systems for HHS, worked a lot with US courts, you know, experience as a, as a company, right?

[00:01:36] Justin Paquette: Our founder was, head of intelligence, former head of intelligence with the FBI, and. I worked on InfraGard, a lot of collaboration programs, a lot of spaces where the private sector's looking to interact with the government. We've seen a lot of pain points there and that's kind of where we decided to go out and start something new.

[00:01:55] Max Aulakh: That's awesome. So I think there's always gonna be a pain point where the government is trying to interact with the public in a safe and secure way. I think it's a great background, especially with the, you know, having the InfraGard. 'cause I remember when I first got into security, Justin, I would go to these InfraGard events.

[00:02:14] Max Aulakh: They would do a basic security clearance, a kind of check, like a basic public check. Nothing advance. I just think it's just such wonderful service to the public because before InfoGard, we really didn't have much of a community in the defense industrial base, you know? But yeah. love the background.

[00:02:32] Max Aulakh: So tell me about Ntelsec. What is like the big problem you guys trying to solve and, and how did you even discover, you know, stumble on this?

[00:02:40] Justin Paquette: Yeah, I mean, so we started off, you know, our mission was really to aid collaboration between the private sector and the public sector, right? So we, you know, built a tool.

[00:02:50] Justin Paquette: We have a product called Sector Net that we use that's really built, it's a SaaS tool that's used for the government to be able to. Safely and securely interact with their partners in the private sector, it's mostly used in the intelligence sector. We, you know, started realizing that a lot of what we had built right, we went through the process.

[00:03:07] Justin Paquette: We just got our FedRAMP readiness with sector net. We built out all of the things that we need to build out to securely, exchange government information with the private sector. So why don't we, see if we could take that and apply it to the CMMC market. You know what we realized that was what we built effectively, is a solution for the CMMC market.

[00:03:27] Justin Paquette: We've built a solution that allows federal government contractors to interact with FCI and CUI level information. In a way that doesn't involve having to recertify their whole enterprise, that doesn't involve having to go out and hire a bunch of consultants to come in and revamp everything that they've done and then go through a bunch of compliance exercises that they don't understand.

[00:03:50] Justin Paquette: You know what we're trying to solve is the fact that the way the industry has responded to CMMC right now is that small businesses are effectively getting priced out of the market. They're getting when you go out and try to look for solutions for CMMC, it's like you're buying a house. You have to figure out all the different parts of it.

[00:04:08] Justin Paquette: You have to bring in a bunch of different consultants. You have to change everything about the way that you're working. And that's such a huge overhaul that most small businesses aren't gonna be able to do. So we saw an opportunity there to take a platform like the one we had already built. Actually share some of this burden, right?

[00:04:23] Justin Paquette: So find a way that we can really get contractors working in a safe space without having to have the burden of rebuilding all of their IT systems in order to do it.

[00:04:34] Max Aulakh: So Justin, it sounds like you're trying to put me out of a job, man, you know? No, but I agree with you. There is a huge sentiment towards the cost of doing business, negative sentiment on how expensive it's getting to just work with the government.

[00:04:52] Max Aulakh: And there are so many startups that are innovative doing all sorts of stuff. This is just another thing that they gotta do. And most of the time it's not that big of a deal, but this one it's a huge cost. You're absolutely right. Right?

[00:05:05] Justin Paquette: I mean, not a lot of companies know how to run a. Fully NIST 800-53 compliant business.

[00:05:12] Justin Paquette: They don't know what all those security controls are, how to implement it. And that's why a lot of them are now faced with bringing in consultants who are gonna, come up with a solution for them. So our idea is to come up with a solution. So we've done essentially built like an email address that you can use, kind of like a Hotmail address, we call it CUIVault is the product, right?

[00:05:37] Justin Paquette: And so you get an email address with CUIVault. It's actually an M-365 account, so you can use Word and you can use Excel, and you can use Outlook and send emails back and forth to the government using that email address. You don't have to certify yourself CMMC compliant. For your whole enterprise, you can actually do it as an enclave.

[00:05:58] Justin Paquette: Something a lot of people don't know. You don't have to convert all of your IT systems as long as you only interact with the government at that FCI and C level through this account that we create for you. You're ready to go within a few hours,

[00:06:14] Max Aulakh: you are tightening up the scope, right? Because I think once you enter in this tool called the SPRS or PIEE, you can select, Hey, do you need this to be the enterprise?

[00:06:27] Max Aulakh: Do you need it to be contract specific or do you need it to be what's called a enclave? And that's what you guys are. Kind of offering and then just tightening it to that. I'll go back to saying this again. You're really trying to put consultants out of a job, which I'm one of them. Right?

[00:06:43] Max Aulakh: I don't mean that in a bad way, but I do see, 'cause an average consultant would cost anywhere from like 200 to 300 bucks an hour. Then you got the cost of audit, which could be like another 20 to 50k. Right. And then you still haven't even touched any of the technology.

[00:07:02] Max Aulakh: So I see like there's a lot of merit to trying to build something like this. I guess Justin, how did you even come up with this, right? Cost is definitely a big pain point, but this is a pretty innovative solution. How did you guys kind of stumble on it? What was that journey like? You know, going through that type of process, like how did you come up with this idea?

[00:07:21] Justin Paquette: Well, I mean, it all started from the fact that we had built this other product that we had already gone through the journey of knowing exactly what we needed in order to meet the compliance requirements that we needed to meet, right? And we said, well, we've built this thing. We could be CMMC compliant tomorrow because we've already done all the work to get all of this stuff in place, right?

[00:07:40] Justin Paquette: And then it's, you know, that's kind of the light bulb moment of saying, well, what if all of these small businesses that don't have the capability or at all the desire to do this could just piggyback off what we had already done. Right? Yeah. Could piggyback off of a system that. They know and we know is already secured, is meeting all of the controls.

[00:07:59] Justin Paquette: You know you mentioned the SPRS system, right? Like that's the system where you go and you self attest that you are compliant with CMMC. The way our solution works, you sign up with us, we walk you through some of our customer responsibility matrix, so you see that you still need to do things like control who uses the system, and you still have some responsibilities that you need to do when you get that account with us and you sign up.

[00:08:22] Justin Paquette: You can then just go right into Spurs and click yes, yes, yes, yes, yes. Right. All of the security controls that they're asking you to attest to are things that we've taken care of in this environment. You know, you, you have an enclave that could do all of these things without having to, you know, go through the effort of realizing 'em.

[00:08:40] Max Aulakh: So you are, I think you mentioned it, you said earlier you have the sector net, which has gone through the FedRAMP. Process. Yeah. And you're essentially, you're building CUI vault on top of it and then allowing for maximum amount of inheritance. Yeah. So for a small business to really, yeah, there are things like, you know, a background check or hiring the right people, right?

[00:09:01] Max Aulakh: There are still responsibilities that a business has, but those are, those are normal and ordinary responsibilities, right? That, that they're already used to, and you're really trying to take as much burden off of them. In order for them to even receive FCI or CUI. Right, right. Yeah. So they're

[00:09:17] Justin Paquette: not gonna have to worry about the it part of it, you know?

[00:09:20] Justin Paquette: Okay. What we need to do is worry about the process and make sure they're hiring people that they should be hiring to do this kind of work. I mean, we'll never be able to help with that, you know, but what we can do is just take the it part of it out of the equation, you know, and, and get, get them a space where they know that they can work.

[00:09:36] Max Aulakh: That's pretty awesome. So, you know, the other thing that I think is very important and interesting is that you guys, your, especially your co-founder, you guys are, you guys have already kind of been doing this kind of work as part of FBI, right? When Eric was, Eric, who's your co-founder. 'cause really, if we think about it, before this whole CMMC and CUI, the government was already.

[00:09:57] Max Aulakh: Sharing sensitive information with the public. Right. And they have their own portal. So can you talk to me a little bit about that, perhaps? I know CUI Vault is really the focus, but like how does sector network work and how does that interact with this?

[00:10:12] Justin Paquette: Yeah, I mean, what we set out to do with Sector Net is really to, to take a good look at all of the portals that exist out there.

[00:10:18] Justin Paquette: You mentioned InfraGard, but there's so many of these portals. Some of them exist, just these small little in-house projects that have been done where these, you know, portals have been made where everybody's doing the same thing. They're working on documents together. They're trading conference calls with each other, meetings, they're writing messages to each other.

[00:10:36] Justin Paquette: Right. So we wanted to basically take that. Concept of this portal that basically has existed and it's been recreated so many different times and create one single space where people could collaborate. The biggest challenge that the government has is that they have these.gov mill tenants, right, where they're able to communicate on teams.

[00:10:56] Justin Paquette: They're able to collaborate internally with each other really well. As soon as they try to bring somebody in from outside of the organization, there's no blueprint for them to do that. And so they end up bringing people in. They end up, you know, sending them emails that they shouldn't be receiving. They end up, you know, sending out conference calls that can be forwarded to others and other people jump on the call.

[00:11:15] Justin Paquette: You know, there's, there's all these sort of barriers where the tools that exist in the market haven't been made to collaborate outside of your organization. We really wanted to build a platform that allowed you to securely bring in people from outside and know that you can trust that they are who they say they are.

[00:11:31] Justin Paquette: So we've teamed up with id, me, we've teamed up with Microsoft to kind of build this tenant where you know that whoever you're bringing in and giving access to your files is the person that they should be.

[00:11:45] Max Aulakh: That's pretty cool. And Justin, I don't know if you feel comfortable sharing this, but you know, as an audit firm we see all types of architecture.

[00:11:52] Max Aulakh: How does this differ from like a traditional MSP? Because a lot of times, right, organizations are building out these tenants on on GCC high and things like that. What you guys are doing, how is that a different solution, you know, from the perspective of who, who, you know, somebody who might have already seen something like this.

[00:12:11] Justin Paquette: Yeah. And this, you know, without, without getting too technical, you know, this, this, this really is the differentiator in what we're trying to do, right? So most companies will approach this as a managed service provider that is an MS. MSP is coming in and helping you build your environment. If I'm an MSP, you've hired me, max.

[00:12:30] Justin Paquette: I'm coming in and I'm telling you what you should do to build out your environment. I'm helping you to go set up your own Microsoft 365 or your own Google Workspace. I'm getting you. I'm building all this stuff on your behalf that you are going to own and you need to maintain, and you need to pay me forever to take care of it, right?

[00:12:48] Justin Paquette: We wanna do this model as a CSP, which is a cloud service provider, right? So a cloud service provider is somebody who is not building something on your behalf. They are letting you use their systems, right? So we have built this system that is fully compliant and you're, you're using our system, right?

[00:13:09] Justin Paquette: You're paying us a monthly fee, just like any other cloud service that we're used to buying. And you're using our systems, we're maintaining them. We own them.

[00:13:18] Max Aulakh: Got it. And that's where I think that customer responsibility matrix, the body of evidence, everything that's needed. 'cause at the end of the day, that customer needs to be able to attest and get through the audit.

[00:13:30] Max Aulakh: Right. And that's where you guys are providing a lot of the audit support as well as the documentation to see the journey end for them, right. So they can get credentialed.

[00:13:39] Justin Paquette: This is another really, you know, key part of our offering, right? Is that we've designed the system to work in a specific way. We have our documentation and our SSP ready.

[00:13:49] Justin Paquette: We've also partnered with auditors who know the drill auditors who have gone through this, that know that they can get this audit done quickly because they've seen it over and over again. Right? And that's a big part of what we're trying to do, is we're trying to drive down the cost of these audits.

[00:14:05] Justin Paquette: Based on the fact that you don't have to go figure it out each time, it's the same, you know, the same audit, the same paperwork is coming through every time. And so by partnering with specific auditors, we can actually give our customers access to these very cost effecti audits, where we've really brought the cost down as much as we could based on the fact that it's just the same rinse and repeat.

[00:14:28] Max Aulakh: Yeah, and I think over the next. Couple of years. That's what we're hoping is that the cost of consultation, audit and all of that continues to go down. I know that's a big part of our revenue. Yeah. But the truth is that the way we think about it is the more customers we can serve, the better it is.

[00:14:46] Max Aulakh: Because smaller businesses, quite frankly, they just, they can afford it one time, but it's hard for them to sustain it. Right. It's very difficult for them to sustain that, that cost over the long run. Um, well, it

[00:14:55] Justin Paquette: is, it's like buying, it's like buying a new car, you know, or buying a pet, you know, it's like you, you gotta take it to the vet once a three, you know, like you gotta do all of these things you don't necessarily realize you're gonna have to do when you're signing up for these MSP offers, you know?

[00:15:10] Justin Paquette: But that's. That's really what they're doing is they're, they're building you a house that you now own and you pay taxes on, and you have to figure out how to own forever. And we think that's a big advantage. You know, there's, we know that this enclave isn't gonna be for the big companies, you know, the big companies that want have their own internal processes, that have their own sharing and collaboration tools.

[00:15:31] Justin Paquette: If they don't mind going through the, you know, $200,000 audit process and rebuilding all their IT systems, right? What we're looking for is to help these small businesses that are effectively getting priced out because of CMMC, right? We wanna tell people that there is another path here, right? There's a way that you can get CMMC compliant in a day.

[00:15:52] Justin Paquette: That's

[00:15:53] Max Aulakh: a bold statement, Justin, right? I mean, it hasn't been proven yet, but I think it reminds me of, you know, like five years ago they were trying to do a TO in a day, you know, and they did it. I did a podcast with a, an authorizing official from DCSA, and that's what I asked them. I said, if we're at war, can we get an a TO in a day?

[00:16:13] Max Aulakh: Is that possible? And he is like, yeah, here's what I need, and then I'll authorize it. So I, I think we need to do the same thing for CMC somehow.

[00:16:21] Justin Paquette: Yeah. Yeah. We gotta find some way to take the burden off the businesses that they have to just go and embark on this giant overhaul, um, everything that they do, you know, get it to a place where they can sign up for a service like we do with any other cloud services.

[00:16:35] Justin Paquette: You know, sign up for a service. Know that this company's taking care of all the compliance things you need to do. They're telling you what your responsibility is. You sign off saying you're gonna do those things that you know you needed to do anyway, and you've got it right. The, the, the it part

[00:16:50] Max Aulakh: of it is taken care of.

[00:16:51] Max Aulakh: Awesome. Awesome. So, Justin, I think this idea of CMMC in a day is fantastic 'cause there are so many organizations that are trying to pursue different opportunities. I know tomorrow, you know, this legislation comes out, basically writes it into the law that every new opportunity, you gotta be CMMC certified, right?

[00:17:12] Max Aulakh: Level one, two or level three, depending on what it is. Or minimally self-assessed, I guess, organizations that are just looking to get started, what's the best way for them to, you know, get started on this? What advice would you give them before they start even looking at you guys? Right? Because there are some things that.

[00:17:31] Max Aulakh: They should know about the public sector that are weird, that are nuanced. What advice can you give some of these organizations that are just looking to get into this?

[00:17:39] Justin Paquette: I think just to, um, you know, set expectations around how much work you really need to do to win some of these contracts. You know, I, yeah.

[00:17:46] Justin Paquette: As somebody who is in federal contracting for a long enough time to learn, but it just, it's very slow. You know, it's, it's something that you gotta be ready to weather the storm for a little while, and I think there's not a lot of documentation on how to do this. Right. There's a lot of consultants out there that'll do it for you, but there's not a lot of public information and people trying to help.

[00:18:07] Justin Paquette: You know, and, and get the word out there. And, and I think that, you know, listening to, listening to podcasts like yours and, and trying to just like watch YouTube videos of seeing people that know this stuff, that want to just get the information out there so that people can learn. It is a great way to kind of jump into the market.

[00:18:24] Max Aulakh: I think those, that's solid advice. Justin, especially, you know, I, I'm thinking about a small business that's just starting their journey. They're gonna burn through so much cash. Right, right. Just figuring out all while, you know, at the same time, they gotta have this giant infrastructure to make sure that they're quote unquote, CMC compliant when they don't even have a contract in place right now.

[00:18:46] Max Aulakh: Right. Right. So they definitely need like a cost efficient, you know, get your A TL or or CMMC in a day while they're continuing to build their business. I think that's great because most of the time right now all we talk about is how much barrier to entry this is in the government. But this kind of solution, like it can actually help a small business pursue the government while keeping their costs like at Bay, which is like very important.

[00:19:12] Max Aulakh: That's it,

[00:19:13] Justin Paquette: you know? And that's, that's exactly who we wanna help. The people that just need to send some emails back and forth to the government, you know, that need to get some documents to review that need to send some documents to the government, you know, and I'll say, you know. Our solution may not be the best for the team that's delivering a hundred person program, building a new carrier.

[00:19:33] Justin Paquette: Sure. You know, it's, it's that that's not what we're looking to do here. We're, we're really looking to help those companies that just. Don't have giant IT departments that are, you know, manufacturing nuts and bolts that are, you know, selling fire extinguishers for their or even recruitment firms, right?

[00:19:49] Max Aulakh: Like people who are just recruiting on behalf of the government. Right. Manpower, right. Yeah. 'cause they're just getting solicitations. They don't have any hardware or machine shop. Right. It could just get a lot done with just something very, very simple. Yeah. so completely understand. So Justin, one last question.

[00:20:06] Max Aulakh: I know this is a very short. Kind of conversation and, and the podcast, but there's a lot of people that are gonna be, you know, kind of poking holes at this. Like, 'cause, 'cause what you're presenting here, it hasn't been done before. Mm-hmm. From a technology standpoint. But it also hasn't been done from a certification perspective.

[00:20:24] Max Aulakh: Like nobody has gotten CMMC in a day. Right to this day, right now. So it's, it's pretty bold. Where can they get ahold of you guys, Justin, if, if they're interested in exploring and learning a little bit more, more depth about the technology or also like what kind of support you're providing so they can get through the CMMC audit.

[00:20:44] Justin Paquette: Well, yeah, I mean, so let's, let's talk about that first. Like, let's talk about what that looks like. How does CMMC in a day really work? Right, so where it starts off is just signing up, right? So you can go to our website and you can sign up for the plan, you know, just like you would with any other cloud service provider.

[00:20:58] Justin Paquette: Sign up. You know so much money per month and you're good, right? And then we're at, right now we're at $149 a month for our level one offering CMMC level one, and we're at $299 a month for the CUI Vault level two offering, right? So that's everything you need to get level two. So if we start at level one, right?

[00:21:16] Justin Paquette: So what level one is getting you is you, you sign. You get an account with us, you can access your M365. You can access A VDI, right? So we have like a, a remote desktop solution that you can access. So you can open up Word and you can do whatever it is that you need to do, you know, within that VDI. That solution on its own gets you to the place where you can satisfy all of the 17 controls that are asked in SPRS in order for you to test the level one.

[00:21:45] Justin Paquette: Level one, you're gonna sign up. We're gonna send you a customer responsibility matrix. It's just a document that you review to make sure that you understand that you have responsibilities too, right? You know that there's still things that you need to do. Once you acknowledge those responsibilities, you can then just swivel right over to SPRS, and you can say, you know, certify yourself as an enclave, right?

[00:22:06] Justin Paquette: Not as an enterprise. That's really important. As an enclave, you can now go ahead and you can click yes on all 17 of those questions and you can self attest, right? Nice. So that's level one's, like more like an hour. You know, it's, it's the time it takes for you to set up your account for you to acknowledge that you, you know, accept your responsibilities and you're good to go.

[00:22:27] Justin Paquette: Level two is a little bit more involved, right? So there's a few things that have to be met at level two. The first is that your company has to have a system security plan, an SSP, right? And that's non-negotiable. That's one of the requirements for CMMC level two. And that's, that's a big hurdle for a lot of companies.

[00:22:43] Justin Paquette: It's a lot of companies do not know how to write an SS ssp. SSPs can be thousands of pages, you know, in large enterprises, right? So this is a big document that normally requires a cybersecurity professional to do. The way we do it, because you're using our enclave, we can just hand you the system security plan, right?

[00:23:01] Justin Paquette: So we will actually give you your system security plan. We can update the name of your company, but you're using the same system as all of our other customers. You have the same system security plan as all of our other customers, and we provide that to you, right? So. We give you your system security plan, we will, you know, go through the customer responsibility matrix with you as well, which at that point there's still more controls.

[00:23:22] Justin Paquette: Like there's, yeah, there's more things that you need to do at the level two. So we'll walk through that process with you and then you, you know, you're back in, you're back in SPRS and you're answering yes to all the questions, right? So self-assessment is really just sign up with us, acknowledge your responsibilities, get the stuff that you need to have to be able to say that you have it and you're ready to go.

[00:23:42] Max Aulakh: Awesome. Awesome. So that seems like a pretty streamlined process and, you know, thank you transparently for, there's not a lot of people that'll actually give their pricing, which is fantastic. So, Justin, if somebody from who's listening in is like, Hey, I, I wanna try this out. Like, where's the first place they should go to sign?

[00:24:02] Justin Paquette: Ntelsec.com. So N-T-E-L-S-E-C.com is our website. You have information about c ui vault there, you know, the, like we were saying, we also sell sector net. That's actually sold to the government, you know, so. Okay,

[00:24:14] Justin Paquette: That’s the government side's vault, which is the commercial side. Okay. Exactly. CUI vault is what we're selling on the commercial side, and that's where you can come check us out.

[00:24:23] Justin Paquette: We have a lot of information there. We've got some videos and a lot of great resources. We're happy to do demos, you know, we love doing demos for customers. we've got a link there on our website if you'd like to book a demo.

[00:24:34] Max Aulakh: Cool. Well, Justin, definitely very super innovative. I love the idea of CMMC in a day.

[00:24:40] Max Aulakh: I just want to thank you for this quick, you know, presentation in terms of learning about your technology. I appreciate you coming on the show, man. This is awesome. Yeah, it's been great. Good to see you. Awesome. Thank you. Take care. Thank you for tuning in. If you enjoyed the podcast, head over to ignyteplatform.com/reckless. You'll find notes, links and additional content. Head over to iTunes to subscribe, rate, and leave a review.