TRUST & COMPLIANCE

Built for regulated work, from the start.

A decade of engineering inside DoD healthcare and federally-contracted programs. The control sets, evidence trails, and review cadence required to operate inside HIPAA, NIST, and ATO boundaries are not new; they are the default.

Sectors: DoD Health · Fed Health · Commercial
Tenure under controls: 8+ years
Posture: Engagement-level, audit-ready

CONTROL SETS WE HAVE WORKED UNDER

Frameworks, plainly.

These are the control sets we have actively delivered against on engagements, not certifications held by Acme Plexus as a CSP. The difference matters and we are explicit about it on every project.

Healthcare
HIPAA
Health Insurance Portability and Accountability Act

PHI handling, BAAs, encryption at rest and in transit, audit logs.

Federal
NIST 800-53
Security and Privacy Controls for Federal Systems

Moderate baseline implementation, control-family mapping, evidence collection.

Federal
NIST 800-171
Protecting CUI in Nonfederal Systems

DFARS / CMMC alignment, 110 controls, SSP authoring.

Commercial
SOC 2 Type II
Trust Services Criteria, Security, Availability

Policy authoring, control mapping, audit prep and evidence.

Federal
FedRAMP
Federal Risk and Authorization Management Program

Moderate / High readiness paths, 3PAO coordination support.

Federal
FISMA
Federal Information Security Management Act

System categorization, risk assessment, continuous monitoring.

Federal
RMF / ATO
Risk Management Framework, Authority to Operate

ATO package prep, POA&M tracking, system boundary diagrams.

Defense
CMMC 2.0
Cybersecurity Maturity Model Certification

Level 2 control alignment for DoD subcontractor work.

Acme Plexus LLC is not a CSP, FedRAMP-authorized, or independently SOC 2-attested as a standalone entity. The claims above describe project-level work performed under prior employers' authorities or as a subcontractor inside a customer's accreditation boundary. If you need a CSP or attested vendor, we will tell you that and refer you out.

INDUSTRIES SERVED

Where this work has shipped.

Engagements across federal health, defense health, and adjacent regulated commercial sectors.

DoD Healthcare

4 PROJECTS

Direct delivery and clinical referral workflows for military medical centers.

Federal Health

3 PROJECTS

Care-coordination tooling for federally-contracted health programs.

Health Insurance / InsurTech

2 PROJECTS

Claims triage, member portals, and pre-adjudication AI.

Logistics & Supply Chain

5 PROJECTS

Carrier ops dashboards and vendor-document automation.

Manufacturing

3 PROJECTS

SAP integration glue and supplier-confirmation automation.

Series A–C Startups

8 PROJECTS

Greenfield products and internal tools for funded teams that need to ship.

HOW WE HANDLE EVIDENCE

Audit-ready by default, not by retrofit.

Every engagement gets the same baseline: encryption at rest and in transit, signed-in audit logs, principle-of-least-privilege IAM, and an evidence folder that updates itself from the pipeline.

When a customer's auditor asks for a control walkthrough, the answer is a 15-minute screen-share, not a three-week scramble.

REGULATED WORK

Building inside a control boundary?

Send the framework, the scope, and the deadline. We will tell you within one business day whether we can deliver inside it, and what evidence we will produce as we go.
