About Ho-Chunk, Inc.
Industry: Staffing, Tribal Economic Development
Ho-Chunk, Inc. is the economic development corporation owned by the Winnebago Tribe of Nebraska. Ho-Chunk, Inc.’s mission is to create jobs and help the Tribe become economically self-sufficient. The company’s award-winning approach funds programs, partnerships, and charitable donations in the Winnebago community.
All Native Group is one of Ho-Chunk, Inc.’s government contracting divisions, staffing an array of government contracts. All Native Group’s work spans simple essentials—administrative support, budget analysis, and vehicle and facility maintenance—to complex technical capabilities—systems design, engineering, cybersecurity, and modeling and simulation.

Learn how Ho-Chunk, Inc. achieved:
- Cybersecurity Maturity Model Certification (CMMC) Level 2 at the enclave level
- Compliance support across the organization
- A secure foundation for its government contracting division
- Long-term alignment around Controlled Unclassified Information (CUI) protection and CMMC readiness
The Challenge
Ho-Chunk, Inc. needed to prepare for and achieve CMMC certification while supporting the needs of multiple divisions and business units.
Ho-Chunk, Inc.’s challenge was to establish a compliant environment capable of supporting CUI-related work while maintaining a practical, scalable structure for the organization’s future CMMC and CUI needs.
Ho-Chunk, Inc. partnered with Summit 7 to:
- Support CMMC certification at the enclave level
- Protect CUI for government contracting operations
- Provide a compliance-ready foundation for All Native Group
- Extend Summit 7 support across the broader Ho-Chunk, Inc. organization
- Build a long-term cybersecurity and compliance partnership
One of the biggest challenges Ho-Chunk, Inc. identified was the cost and complexity associated with CMMC readiness.
The organization began pursuing National Institute of Standards and Technology (NIST) SP 800-171 compliance in 2018, before pivoting toward CMMC preparation as the program evolved. Initially, Ho-Chunk, Inc. attempted to secure its Microsoft commercial environment but eventually determined that a compliant enclave strategy would better support long-term growth and future CUI handling requirements.
In 2021, Ho-Chunk, Inc. partnered with Summit 7 to build out its enclave environment and support long-term compliance operations.
Ho-Chunk, Inc. also set out to:
- Determine the right enclave strategy for handling CUI
- Prepare policies and procedures for assessor review
- Translate operational practices into compliant audit language
- Navigate inconsistencies in how agencies interpret CUI and CMMC requirements
- Prepare for a lengthy CMMC Third-Party Assessment Organization (C3PAO) assessment process
As their Chief Information Officer (CIO), Jerry Beavers explained, passing a CMMC assessment requires more than implementing technical controls. In addition to technical controls, Ho-Chunk, Inc. found Summit 7 essential to developing new policies and articulating them to assessors.
The Solution
Ho-Chunk, Inc. first partnered with Summit 7 in 2021 to establish its enclave environment through Guardian, our managed services offering. Since then, Summit 7 has become a long-term cybersecurity and compliance partner.
The environment primarily supports All Native Group, one of Ho-Chunk, Inc.’s government contracting divisions, while also acting as part of the broader organization’s compliance strategy.
Summit 7 partnered with the organization to:
- Design and build its enclave strategy
- Establish a compliant Government Community Cloud (GCC) High environment
- Support ongoing enclave management and operations
- Prepare policies, procedures, and documentation for assessment
- Conduct readiness and assessment preparation activities
- Participate directly in discussions with the C3PAO during assessment activities
In 2024, Ho-Chunk, Inc. expanded its partnership by adding Vigilance managed security services to strengthen monitoring and cybersecurity operations as the organization prepared for certification.
Summit 7 also supported Ho-Chunk, Inc. during its formal C3PAO assessment process, which lasted more than a month and required multiple revisions to the organization’s System Security Plan (SSP).
According to Beavers, Summit 7’s biggest impact came during assessment preparation and assessor engagement.
During assessor discussions, Summit 7 actively participated in meetings and helped interpret assessment guidance and compliance expectations.
The organization ultimately passed all 110 controls with no Plan of Action and Milestones (POA&Ms).
In 2026, Ho-Chunk, Inc. continued expanding its secure environment by working with Summit 7 on Azure Virtual Desktop (AVD) initiatives within its GCC High tenant and adding additional Vigilance for Azure services.
The Results
Ho-Chunk, Inc. achieved CMMC Level 2, creating a secure foundation for its government contracting division and future CUI-related work.
CMMC Level 2 Certified Enclave
Ho-Chunk, Inc. certified an enclave at CMMC Level 2 in October 2025, primarily supporting All Native Group along with additional operations supporting government resale activities.
Expanded Readiness for Government Contracts
Ho-Chunk, Inc. now has the ability to pursue and support contracts that require CMMC certification and secure CUI handling.
According to Beavers, the organization’s most recent contracts already require CMMC certification, and he expects nearly all future contracts to reference CMMC requirements in some form.
The organization also views certification as validation of its overall cybersecurity maturity and operational competence.
About Ho-Chunk, Inc.
Ho-Chunk, Inc. is the economic development corporation owned by the Winnebago Tribe of Nebraska. Ho-Chunk, Inc.’s mission is to create jobs and help the Tribe become economically self-sufficient. The company’s award-winning approach funds programs, partnerships, and charitable donations in the Winnebago community.
About Summit 7
Summit 7 is the leading cybersecurity, compliance, and cloud engineering partner for the Aerospace and Defense industry. Specializing in CMMC, NIST 800-171, Defense Federal Acquisition Regulation Supplement (DFARS), and Microsoft GCC High solutions, Summit 7 helps organizations secure CUI, prepare for audits, and compete confidently in the federal marketplace.
Contact
Speak With Our Team
Our team of compliance and cybersecurity experts are on standby and ready to help. We’ll walk you through what you need and what to expect.
