Patriot Defense Systems, Inc.

CAGE: 8K7D9 | CMMC CLASSROOM CASE STUDY

Annual Revenue
$42.8 Million
Employees
165
Across 6 locations
Clearance
FCL Active
Since 2009
Primary Customer
U.S. Army
TACOM LCMC
Mission & Overview
"Delivering mission-critical vehicle components with unwavering quality, precision, and security to support America's defense readiness."

Patriot Defense Systems, Inc. (est. 2008) is a mid-sized defense contractor specializing in the design, manufacturing, and delivery of critical replacement parts for U.S. Army tactical and combat vehicles. With advanced manufacturing capabilities across Texas and a strategic presence in Washington, DC, the company maintains multiple concurrent contracts within the Defense Industrial Base (DIB).

Facilities

HQ - Fort Worth, TX

3450 Defense Industry Drive

Functions: Exec Leadership, Finance, HR, QA

Sales - Fort Worth, TX

3460 Defense Industry Drive

Functions: Bus. Dev, Proposals, Cust. Service

Manufacturing - Plano, TX

8920 Industrial Parkway

Functions: Precision Machining, Metal Fab, Assembly

Manufacturing - San Antonio, TX

6735 Military Boulevard

Functions: Heavy Mfg, Welding, Warehouse

IT Center - El Paso, TX

2100 Technology Center

Functions: SOC, NOC, Help Desk, Data Center

Comms - Washington, DC

1875 K Street NW

Functions: Govt Liaison, Contracts, Compliance

Key Leadership
Robert J. Martinez
CEO
Jennifer L. Thompson
COO
Michael K. Patel
CFO
Dr. Maya Patel
CISO
El Paso, TX
Rick Anderson
CIO
El Paso, TX

DoD Contract Portfolio

Total Contract Value: $47,550,000

CMMC Level 2 Req
4 Contracts
CMMC Level 1 Req
2 Contracts

M1 Abrams Tank Parts

CMMC L2
#W56HZV-23-C-0089 | IDIQ

Replacement components for M1A2 Abrams main battle tanks (hydraulics, suspension).

Value: $8,450,000
Data Type: CUI
Technical specs & engineering drawings

HMMWV Modernization

CMMC L2
#W56HZV-22-C-0341 | FFP

Electrical systems and armor attachment brackets for vehicle upgrades.

Value: $12,200,000
Data Type: CUI
Design specs & installation procedures

Bradley Fighting Vehicle

CMMC L1
#W56HZV-24-C-0156 | CPFF

Precision-machined transmission components and drive shafts.

Value: $5,850,000
Data Type: FCI
Performance data & delivery schedules

JLTV Brake Systems

CMMC L2
#W56HZV-23-C-0412 | FFP

Advanced braking system components and ABS modules.

Value: $9,750,000
Data Type: CUI
Performance specifications & test data

Paladin Howitzer Parts

CMMC L1
#W56HZV-24-C-0278 | FFP

Critical replacement parts including hydraulic cylinders and elevation mechanisms.

Value: $4,200,000
Data Type: FCI
Delivery schedules & maintenance docs

MRAP Suspension

CMMC L2
#W56HZV-22-C-0523 | IDIQ

Enhanced suspension system components for harsh terrain.

Value: $7,100,000
Data Type: CUI
Engineering designs & test results

Server Infrastructure (21)

  • Domain Controllers
    Dell R450, Win Svr 2022
    4 Units
  • File Servers
    Dell R740, 20TB RAID
    3 Units
  • Database Servers
    SQL 2022 (ERP/MES)
    2 Units
  • App Servers
    Web/Business Apps
    3 Units
  • Backup Servers
    Veeam, 40TB
    2 Units

Cloud Services

  • Microsoft 365 E5: All users (Exchange, Teams, SharePoint).
  • AWS: Dev/Test environments only (VPC, EC2).
  • Azure Gov (Planned): In procurement for CUI storage (CMMC L2).

Operational Technology (OT) & Manufacturing

Plano Facility

  • 8x Haas CNC Vertical Machining Centers
  • 4x FANUC Industrial Robots
  • 2x Hexagon CMMs (Windows 10 IoT)
  • 12x MES Terminals (Advantech)

San Antonio Facility

  • 6x Haas VF-6SS CNC Machines
  • 6x KUKA Welding Robots (KRC4)
  • 2x Schuler Industrial Presses (Siemens PLC)
  • 10x MES Terminals (Advantech)
Security Note:

Some legacy CNC/PLC systems run older/embedded OS versions. Mitigation relies heavily on network segmentation (VLANs 50-80) and isolation.

Endpoints (200 Total)

Location Device Types Count Security
Fort Worth (HQ/Sales) Dell Latitude 5440/5540 73 BitLocker, Intune, SEP
Manufacturing (Plano/SA) Latitude 5440 + Precision 3581 (CAD) 60 BitLocker, Intune, SEP
El Paso (IT) Latitude 5540 + Precision 3581 25 Privileged Access Controls
Washington DC Dell Latitude 5440 15 BitLocker, Intune, SEP

Network Segmentation Strategy

VLAN 10
Management (IT Staff Only)
VLAN 20
Corporate (Office Users, Email)
VLAN 40
Engineering (CAD, Restricted Internet)
VLAN 50/60
Manufacturing (MES, No Internet)
VLAN 70/80
Automation/ICS (Robots, PLCs - ISOLATED)
VLAN 90
Guest Wi-Fi (Complete Isolation)

Firewalls: Palo Alto PA-3260 (Edge) at El Paso, Fort Worth, DC.

Core: Cisco Catalyst 9500s with 10Gbps uplinks.

Security Stack

SIEM
Splunk Enterprise Security
IDS/IPS
Cisco Firepower
Vulnerability Scan
Tenable Nessus Pro
MFA
Duo Security
DLP
Microsoft Purview
Endpoint
Symantec Endpoint Protection

CMMC Compliance Progress

NIST SP 800-171 (Level 2 Target)
87 / 110 Controls
Level 1 Self-Assessment: Completed Target Certification: April 2025

Top Compliance Risks

  • Supply Chain:

    Subcontractors may not meet CMMC flow-down requirements.

  • Legacy Mfg Equipment:

    Cannot install agents on embedded OS CNC machines.

  • Incident Response:

    Testing frequency gap; IR plan needs more tabletop validation.

Annual IT Budget Allocation ($2.8M)

Personnel consumes 75% of budget

Instructor Guide

Use this case study for the following learning objectives:

1. CMMC Scoping

Have students identify which VLANs constitute the "CUI Assessment Scope" and which are out of scope. Discuss why the Guest Network (VLAN 90) is treated differently.

2. Gap Analysis

Using the asset inventory, ask students to map specific NIST 800-171 controls to the available tools (e.g., Control 3.14.1 to Splunk/Cisco Firepower).

3. Incident Response

Run a tabletop exercise based on "Incident 2" (USB in manufacturing). How does the lack of agents on OT devices complicate this?

4. Cloud Governance

Discuss the implications of moving CUI to Azure Government. What changes in the Shared Responsibility Model?