Pittsburgh Manufacturer IT Support: 99.9% Uptime CMMC

PGH Networks is a Pittsburgh-based managed IT services provider that supports small and mid-market manufacturers across the Pittsburgh metro — including Allegheny, Washington, Westmoreland, Butler, and Beaver counties — with shop-floor uptime, ERP/MRP support, IT/OT network segmentation, and CMMC readiness. This case study walks through how we delivered Pittsburgh manufacturer IT support that produced 99.9% shop-floor uptime and CMMC Level 2 readiness for a small Pittsburgh-area machine shop being pressured by a Department of Defense prime to prove its cybersecurity posture.

The story below is anonymized, but the technical work, sequencing, and outcomes are representative of the manufacturing engagements we run.

The buyer scenario

The client is a 70-employee precision machining shop in Washington County, PA, supplying machined components to aerospace and defense primes. Two CNC cells run lights-out overnight. The business runs Global Shop Solutions for ERP/MRP, with a handful of legacy Windows machines on the shop floor driving CMMs and label printers. Annual revenue is in the $18–22M range. Their internal "IT person" is a controller who inherited the network ten years ago.

Three things hit at once: a phishing incident locked two front-office workstations, their largest customer issued a CMMC Level 2 flow-down requirement with a 12-month deadline, and the ERP server — a single aging Hyper-V host — crashed twice in one quarter, stopping production both times.

The challenge

The environment had the failure patterns we see often when a Pittsburgh manufacturer outgrows a break-fix relationship. The network was flat: front-office PCs, the ERP server, CNC controllers, and a guest Wi-Fi SSID all sat in the same broadcast domain, meaning a single compromised laptop could reach a HAAS controller. There was no documented incident response plan, no MFA on remote access, and backups were running to a USB drive that had not been tested in over a year.

On the compliance side, a self-assessment against NIST SP 800-171 surfaced 78 of 110 controls as either "not met" or "partially met" — a typical starting score for a small manufacturer that has never been audited. The customer's CMMC Level 2 flow-down meant the gap had to close before the next contract option year.

A flat network is the single biggest reason a phishing email in accounting can stop a CNC cell at 2 a.m.

How PGH Networks solved it

TL;DR: We sequenced the work so production stability came first, ransomware blast radius shrank second, and CMMC evidence collection ran in parallel — not as a separate, disruptive project.

The engagement ran in three overlapping tracks over nine months.

Production stability first. We migrated Global Shop Solutions onto a new two-node Hyper-V cluster with replicated storage, moved backups to an immutable, offsite repository in a Pittsburgh-region datacenter, and put the ERP database under 24/7 monitoring with defined RTO (4 hours) and RPO (15 minutes). Shop-floor printers and CMM PCs that could not be patched were inventoried, tagged, and isolated rather than replaced mid-quarter.

IT/OT segmentation. We rebuilt the network around four VLANs — corporate, OT/shop floor, guest, and a management VLAN — with an inspected firewall boundary between IT and OT and explicit allow-list rules for the ERP-to-MES data flow. Remote vendor access for the CNC OEM was moved off a shared VPN account onto a brokered, logged, MFA-gated path.

CMMC Level 2 readiness. Working from the NIST 800-171 control set, we deployed MFA across all users, EDR on every endpoint that could run an agent, centralized logging with 90-day retention, encrypted laptops, and a written System Security Plan (SSP) and Plan of Action and Milestones (POA&M). Policy templates were tailored to the client's actual operations rather than dropped in as boilerplate, because a C3PAO assessor will ask the controller to walk through them.

Throughout, our service desk handled day-to-day tickets so the controller could go back to being a controller.

Outcomes

Twelve months in, the measurable results for this Pittsburgh manufacturer IT support engagement:

• Shop-floor uptime: 99.9% measured against ERP and MES availability during production shifts, up from an estimated 97.2% the prior year.
• CMMC Level 2 readiness: 108 of 110 NIST 800-171 controls fully met, with the remaining two on a dated POA&M acceptable to their prime.
• Mean time to resolve Priority 1 tickets dropped to 38 minutes from a previous baseline where after-hours issues often waited until morning.
• Cyber insurance premium at renewal decreased by roughly 18% after the carrier reviewed the new MFA, EDR, and immutable backup posture.
• Zero ransomware incidents in the 12 months following segmentation and EDR deployment.

The two unplanned production stoppages from the prior quarter did not repeat.

Why this matters for other Pittsburgh manufacturers

If you are a small manufacturer in the Pittsburgh metro — Coraopolis, Canonsburg, Cranberry Township, New Kensington, Aliquippa, or McKeesport — and any of the following are true, the pattern in this case study probably applies to you: your ERP (Epicor, Global Shop, SAP Business One, Microsoft Dynamics, Infor) runs on a single aging server; your shop floor and front office share a network; a prime contractor has sent you a CMMC or NIST 800-171 questionnaire; or your cyber insurance renewal is asking questions you cannot confidently answer.

The work is not exotic. It is sequencing, discipline, and choosing a partner who has done it inside a real machine shop rather than only inside an office. That is the core of Pittsburgh manufacturer IT support as we practice it.

Frequently asked questions

Does PGH Networks support Epicor, Global Shop Solutions, and SAP Business One?
Yes. We support the infrastructure layer (servers, SQL, backups, performance, DR) and coordinate with the ERP vendor's application team on upgrades and customizations.

Can PGH Networks take a small manufacturer to CMMC Level 2?
Yes. We deliver NIST SP 800-171 gap assessments, build the SSP and POA&M, implement the technical controls, and prepare clients for a C3PAO assessment. We are not a C3PAO; we are the MSP that gets you ready for one.

What is IT/OT segmentation and why does a 50–100 employee shop need it?
It is the practice of separating shop-floor control systems (CNCs, PLCs, MES, CMMs) from the corporate IT network so a phishing incident in accounting cannot stop production. At 50+ employees with networked machines, the blast-radius math stops favoring a flat network.

What is your response time for a Pittsburgh-area manufacturer with a line down?
Priority 1 (production stopped) tickets are triaged within 15 minutes, 24/7, with on-site dispatch available across the 75-mile service radius from 15220.

Where does PGH Networks operate?
The Pittsburgh metro and surrounding counties — Allegheny, Washington, Westmoreland, Butler, Beaver, Armstrong, and Fayette — within 75 miles of zip code 15220.