Built by Someone Who's Written Security Plans for NSA Critical Mission Systems
Not by a marketing agency. Not by a consultant who’s never implemented these controls.
By a former NSA Technical Director with 15+ years in DoD cybersecurity.
Austin McGuire, CISSP, CEH, CySA+
Former NSA Technical Director
I spent 15 years in Department of Defense cybersecurity, including roles at the National Security Agency (NSA) where I served as a Technical Director.
In that role, I wrote System Security Plans for critical mission systems operating at the highest classification levels.
These weren’t generic templates. These were the real frameworks used to protect classified national security systems.
When I left NSA and saw defense contractors struggling with CMMC Level 2 compliance, I recognized the problem immediately:
The documentation frameworks they needed already existed — but they were locked inside classified networks or cost $50K-150K to build from scratch.
So I adapted the frameworks I used at NSA for the unclassified world.
That’s what you get in this package: Professional-grade documentation frameworks that actual compliance programs use.
Not generic templates created by marketers.
The real frameworks used by organizations that take security seriously.
Certifications and Education
Certifications
- CISSP (Certified Information Systems Security Professional)
- CEH (Certified Ethical Hacker)
- CySA+ (Cybersecurity Analyst)
Education
- Master of Science in Cybersecurity
- Master of Science in Information Assurance
- D.Sc. in Cybersecurity (In Progress) Marymount University
Experience
- 15+ Years DoD Cybersecurity
- Former NSA Technical Director
- System Security Plans for Classified Systems
- CMMC and NIST 800-171 Implementation
After leaving NSA, I started consulting with defense contractors on CMMC compliance.
I saw the same patterns repeatedly:
1. Small contractors couldn't afford $50K-150K consultants
They had the technical capability to implement controls, but couldn't pay consultant rates.
2. "Templates" they found online were garbage
Generic, incomplete, no control mappings, no evidence guidance. C3PAO assessors rejected them
3. They were reinventing the wheel
Spending months creating documentation frameworks that already existed.
I realized: What these contractors needed was the documentation framework.
Not implementation services. Not hand-holding.
Just the professional-grade policies, procedures, and templates to guide their implementation.
So I took the frameworks I used at NSA — the ones I knew C3PAO assessors would accept — and adapted them for CMMC Level 2.
That’s this package.
It's not a substitute for doing the work.
You still have to implement the controls. Configure your systems. Train your staff.
But you don’t have to spend months creating documentation from scratch.
You get the framework I used to protect classified systems, adapted for your unclassified environment.
So I took the frameworks I used at NSA — the ones I knew C3PAO assessors would accept — and adapted them for CMMC Level 2.
That’s this package.
And you save $45K-145K in the process.
“The documentation frameworks they needed already existed — but they were locked inside classified networks or cost $50K–150K to build from scratch.”
The Mission: Make CMMC Compliance Accessible
Defense contractors shouldn’t have to choose between:
Paying $50K-150K for consultants
Risking failed assessments with homemade documentation
There’s a third option: Professional-grade documentation frameworks at a fair price.
That’s what Keystone Command provides.
If you're a defense contractor who needs CMMC Level 2 compliance, you have three paths:
Path 1 : Hire a $50K consultant
to build it for you.
Path 2: Build it yourself from scratch
and hope the C3PAO accepts it.
Path 3: Use proven frameworks
from someone who's written these at NSA.
This package is Path 3.
Questions About the Package
austin.mcguire@keystonecommand.com
I read every email personally and respond within 24-48 hours.