Stop Guessing. Start Attesting.

A six-week live training that takes small defense contractors from compliance confusion to a completed CMMC Level 1 self-assessment — with every document, template, and worksheet included.

Built on the BEEHIVE Method™. Taught by a CISSP and Navy veteran who has seen what happens when small contractors get this wrong.

Live cohort - limited to 15 students. Starts the week of April 7th.

You Signed the Affirmation. Can You Prove It?

Most small defense contractors submitted their SPRS score based on a checklist someone downloaded from the internet. No System Security Plan. No organized evidence package. No real understanding of what they attested to.

That's not compliance. That's exposure.

The False Claims Act doesn't care that you were trying. It cares whether your affirmation was accurate and whether you can defend it.

The official CMMC documentation was written for large organizations with dedicated compliance teams. If you have fewer than fifty employees and you're trying to figure out SPRS while also running your business — that documentation is not your friend.

This course is.

Taught by a Practitioner, Not a Checkbox Vendor

Gary Whitsett is the founder and CEO of Bees Computing, a veteran-owned cybersecurity and AI transformation consultancy based in Colorado Springs, Colorado.

  • CISSP — Certified Information Systems Security Professional

  • MBA

  • U.S. Navy veteran

  • 35+ years in IT and cybersecurity

  • Global cybersecurity trainer

  • Speaker, ISSA Colorado Springs

Gary built the BEEHIVE Method™ after years of watching small organizations invest in security and compliance initiatives without alignment, governance, or measurable outcomes. This course is the methodology applied directly to the problem you're facing right now.

Gary Whitsett

Not Theory. Actual Documents You Submit.

Every student who completes this course walks away with:

  • Completed FCI Asset Inventory — every in-scope system identified and documented

  • Data Flow Map — tracing Federal Contract Information through your organization

  • Self-Assessment Scoring Worksheet — all 17 CMMC Level 1 practices rated with evidence

  • Minimum-Viable System Security Plan — written, structured, ready to stand behind

  • Organized Evidence Package — filed, named, and submission-ready

  • SPRS Score submitted — with or without a POA&M, documented and defensible

  • 90-Day BEEHIVE Roadmap — your next steps beyond the baseline

  • Lifetime access to all course recordings

These are not worksheets you fill out and file away. These are the actual documents that make your SPRS affirmation defensible.

Six Weeks. One Hour Per Week. One Problem Solved.

Each live session runs approximately 60–90 minutes via Zoom. Sessions are recorded. Miss a week — you don't fall behind.

Click each week below to get more details about the content provided.

Week 1 — Why CMMC Level 1 Exists and What's Actually at Stake

The legal grounding. What DFARS 252.204-7021 actually says, what the SPRS affirmation legally commits you to, and what False Claims Act exposure looks like at the SMB scale.

Week 2 — Find Your FCI: Scoping Your Environment

Map every system that touches Federal Contract Information before you assess a single practice. Includes live walkthrough of the FCI Asset Inventory template and Data Flow Map worksheet.

Week 3 — The 17 Practices in Plain Language

Walk through all 17 CMMC Level 1 practices, rate each one MET / PARTIALLY MET / NOT MET, and calculate your preliminary SPRS score. The Self-Assessment Scoring Worksheet does the math.

Week 4 — Building Your Evidence Package

Write your System Security Plan, organize your evidence folder, and understand what documentation actually needs to exist before you can attest to anything. Includes a live policy-writing demonstration.

Week 5 — Submitting Your Self-Assessment in SPRS

Step-by-step walkthrough of the SPRS portal. What the senior official affirmation means. How to submit with a POA&M for open items. What not to do.

Week 6 — From Baseline to Business Readiness

Read your results as a business diagnostic. Understand where the BEEHIVE phases go from here. Build your 90-day roadmap for closing gaps and strengthening your competitive position.

Sessions are instructor-led with chat-based Q&A — no cold-calling, no hot seats. Ask questions at your pace, get answers in context.

You Won't Do This Alone

Throughout every module you'll work alongside Apex Precision Manufacturing — a fictional fourteen-employee defense subcontractor that starts this course in the same place most small contractors start: they think they're probably compliant, but they can't prove it.

Apex's completed documents serve as your reference standard at every step. Their FCI Asset Inventory, their scoring worksheet, their SSP, their evidence package, their SPRS submission. You see exactly what a finished, defensible set of documents looks like before you build your own.

By Week 6, Apex has a SPRS score of 108, a POA&M for their three open items, and a 90-day BEEHIVE roadmap. So do you.

Founding Cohort Exclusive: Monthly Compliance Office Hours

Founding cohort students receive access to a monthly live Q&A session with Aaron Gilmore, an RP Designate candidate with deep CMMC expertise.

Bring your specific questions about scoping decisions, evidence gaps, POA&M items, or assessment rationale. Get practitioner-level perspective from someone who knows this framework inside and out.

These are not advisory sessions and do not constitute compliance advisory services — but they are the closest thing to a knowledgeable practitioner in the room that most small contractors will ever have access to.

Monthly Q&A sessions are included for founding cohort students. Availability subject to cohort enrollment.

This Course Is Built For You

This is the right fit if you:

  • Are a small defense contractor or subcontractor with one or more active DoD contracts

  • Have DFARS clause 252.204-7021 in your subcontract agreements

  • Need to complete your annual CMMC Level 1 self-attestation

  • Have fewer than 50 employees and no dedicated compliance staff

  • Want to build internal capability rather than pay a consultant to do it for you

  • Are willing to do the work — six hours over six weeks

This is not the right fit if you:

  • Are pursuing CMMC Level 2 or above certification (this course covers Level 1 only)

  • Are looking for someone to do the assessment for you

  • Need a C3PAO or Registered Practitioner for a third-party assessment

  • Are not subject to DFARS 252.204-7021

Founding Cohort Pricing

Busy Bee: CMMC Baseline — Live Cohort $997 $597

Founding Cohort — First Two Cohorts Only

Includes:

  • Six live weekly sessions via Zoom

  • All templates, worksheets, and course materials

  • Apex Precision case study with completed answer keys

  • Lifetime access to session recordings

  • Monthly Compliance Office Hours with RP Designate (founding cohort exclusive)

  • Access to the recorded self-paced course when it launches ($597 value — included free)

Cohort 1 starts the week of April 7th. Cohort 2 starts the week of April 21st.

Cohort size is capped at 15 students to maintain live interaction quality.

After the founding cohort period, live cohort pricing returns to $997. The self-paced recorded course will be available separately at $597.

This course is provided for educational purposes. It does not constitute CMMC advisory services, legal advice, or compliance advisory services. Bees Computing LLC is not an accredited C3PAO or RPO. Students are solely responsible for the accuracy of their self-assessment and any affirmation submitted in the SPRS portal. Completion of this course does not guarantee CMMC compliance or contract eligibility.

STILL NOT SURE?

Frequently Asked Questions

Do I need any prior cybersecurity knowledge?

No. This course is designed for business owners and compliance leads who understand their operations but have no formal security training. If you know how your business works and which systems you use, you have everything you need to start.

What if I miss a session?

Every session is recorded and available immediately after the live call. You won't fall behind. The templates and worksheets are designed to be worked through at your own pace between sessions.

Is this course applicable to CMMC Level 2 or 3?

No. This course covers CMMC Level 1 self-attestation only — the seventeen practices required under 32 CFR Part 170 for organizations handling Federal Contract Information. Level 2 requires a third-party assessment by an accredited C3PAO. If Level 2 is in your future, completing this course gives you a documented baseline to build from. Level 3 builds on Level 2.

What systems do I need?

Any organization using standard business tools — Microsoft 365, Google Workspace, or similar — can complete this course. You do not need specialized security tools or software.

Will this course keep me out of legal trouble?

This course gives you the knowledge, framework, and documents to make a defensible SPRS affirmation. It does not provide legal advice. For legal questions about your specific contracts or compliance obligations, consult qualified legal counsel.

What happens after I complete the course?

You'll have a completed CMMC Level 1 baseline and a 90-day BEEHIVE roadmap. Students who want to go deeper — broader organizational security, AI readiness, operational governance — can explore a Busy Bee or Pollinator engagement with Bees Computing. There is no obligation.

Is there a payment plan?

Contact us at [email protected] to discuss options if the full payment presents a hardship. We want this accessible to the contractors who need it most.

The Right Time to Build Your Baseline Is Before You Need It.

Six weeks. One problem solved.

Your prime contractor isn't going to wait. The False Claims Act doesn't have a grace period for good intentions. And the SPRS affirmation you submitted last year on a downloaded checklist is sitting in a federal database right now.

This course gives you the documented, defensible baseline that makes that affirmation true.

Questions? Email [email protected]