ONE COMPANY Blog

GracoRoberts Achieves CMMC Level 2 Certification and Advances Cybersecurity Initiatives

Written by GracoRoberts | Oct 22, 2025 7:43:48 PM

As part of GracoRoberts’ continued commitment to cybersecurity and operational excellence, we aim to align all business units with NIST 800-171r2 (a set of requirements designed to protect sensitive information), as reflected in the CMMC Level 2 and Cyber Essentials Plus standards.

These initiatives will require collaboration across our entire organization and demonstrate our commitment to safeguarding our staff, suppliers, customers, and intellectual property, while driving innovation that reinforces GracoRoberts’ position as an industry leader.

CMMC Level 2 and NIST 800-171r2

We’re thrilled to share that GracoRoberts has achieved CMMC Level 2 Certification. CMMC is a U.S. Department of Defense (DoD) framework applied across its Defense, Logistics, and Compliance (DLC) supply chain.

This means that our company’s cybersecurity work was carefully checked by a special outside group called Kompleye C3PAO. After successfully completing this audit, our results were accepted into a government system called the Supplier Performance Risk System (SPRS). This shows that we met critical requirements for protecting information, and that our hard work was officially recognized.

This achievement is a true team effort, involving every department. While it appeared to be an Information Technology (IT) driven effort led by Dr. Michael Neumann, the expertise and collaboration of every department, team member, and leader were required. Together, the departments aligned their internal processes with CMMC/NIST 800-171r2 standards. The certification was a DoD requirement and ensures we remain eligible for future contracts. Beyond the required audit, the changes we made resulted in a robust cybersecurity posture that secures data from our partners and clients with the highest standards of data protection.

Cyber Essentials Plus (CE+)

In parallel, we’ve renewed our Cyber Essentials certification and are advancing toward Cyber Essentials Plus, which is a significantly more stringent standard. Cyber Essentials is a UK government-backed certification program that helps organizations protect themselves against common online security threats through the implementation of basic cybersecurity controls. While compliance is important, our pursuit of CE+ goes beyond requirements—it’s about safeguarding our reputation and the trust our customers place in us.

Key changes you will see include:

  • Multi-Factor Authentication (MFA): Everyone must now use MFA on all systems. MFA means you need more than just a password to log in, such as a code sent to your phone. We added Single Sign-On (SSO) wherever we could to make logging in easier. SSO lets you use one username and password to access several systems, instead of needing different passwords for each one.
  • Device and Software Checks: We ensure that only necessary applications are installed on company devices. Features like Excel macros that run automatically are disabled to improve security.
  • Cloud and Mobile Security: We monitor and protect all cloud services and mobile devices, including those used under Bring Your Own Device (BYOD) policies. BYOD refers to using personal laptops, phones, or tablets for work purposes. 
  • Firewall and Access Reviews: We regularly check our firewall settings and who can access our systems from the outside to lower risks. A firewall is like a security guard for our computers. It blocks unwanted access and helps keep our data safe from hackers.

These efforts are a shared responsibility and will require involvement from every team member for success.

AI: Innovating With Responsibility

As we begin incorporating Artificial Intelligence (AI) to enhance productivity and decision-making, GracoRoberts is committed to doing so responsibly and securely.

Our leadership teams are developing clear AI usage policies to ensure all applications meet ethical and security standards, including alignment with CMMC and Cyber Essentials Plus. We are also educating teams on the intersection of AI and data protection to promote safe, informed use.

We view AI as a vital tool for innovation. By proceeding thoughtfully, we can empower our teams to work smarter, faster, and more securely—staying ahead of the competition while maintaining the highest standards of responsibility.

Why This Matters

Aligning with NIST 800-171r2, CMMC Level 2, and Cyber Essentials Plus strengthens GracoRoberts’ position as an agile, trusted partner prepared for evolving market and security demands. Our success depends on the collective strength of all business units working together with GRIT (GracoRoberts IT) and determination. This collaboration positions us to meet the challenges of the digital age with confidence and resilience. 

What You Can Do

Cybersecurity is everyone’s responsibility:

  • Stay informed by keeping up with updates and completing required training.
  • Ask IT or People Services if you have questions. 
  • Practice strong password habits, device security, and careful data handling. 

Together, we can build a stronger, more innovative GracoRoberts. Thank you to every team member for your commitment to this journey. Let’s keep pushing the boundaries of what’s possible while keeping security first!