Compliance posture

Compliance is part of program execution at Hardgrove rather than an after-the-fact deliverable. The summary below is the public overview; substantiating documentation is shared with qualified primes during engagement.

Cybersecurity

• Compliance posture aligned with CMMC Level 2 requirements.
• Practices aligned with NIST SP 800-171 controls.
• CUI handling procedures aligned with DFARS 252.204-7012 expectations.
• Periodic third-party penetration testing on customer-facing assets.
• Cloud posture aligned with FedRAMP-Moderate baseline for non-CUI engineering work.

Quality

• Practices aligned with AS9100D quality-management expectations.
• Internal audit cadence designed to match each prime's surveillance approach.
• Earned-value-management practice aligned with ANSI/EIA-748 where program scope requires it.
• Configuration management consistent with EIA-649C principles, with Class I and Class II change control.

Personnel security

• Personnel-security posture sized to active program needs.
• Insider-threat practices aligned with NISP guidance.
• Personnel rotation onto cleared programs follows the customer's program security officer's procedures.

Export control

• Export-control posture managed under our internal compliance program.
• Foreign-person employee policy documented and reviewed annually.
• Deemed-export discipline for the engineering environment.

Ethics

• Annual ethics training for every employee, structured around FAR Part 3 expectations.
• Internal ethics & compliance hotline available to staff and subcontractors.
• Conflict-of-interest screening at engagement start for every new task order.