Tyto Athene Acquires stackArmor Inc. to Expand Cyber Compliance and Cloud Capabilities for Government Customers
RESTON, Va., May 8, 2025 /PRNewswire/ -- Tyto Athene, LLC ("Tyto"), a federal systems integrator of mission-focused digital transformation solutions, and portfolio company of Arlington Capital Partners ("Arlington"), has completed its acquisition of stackArmor, Inc., a premier provider of FedRAMP, FISMA/RMF and CMMC/DFARS compliance acceleration, cloud and security automation solutions for government agencies and the industrial base.
"The acquisition of stackArmor represents a significant milestone in Tyto's growth strategy," said Dennis Kelly, Chief Executive Officer of Tyto Athene. "stackArmor's innovative cyber, compliance and cloud automation solutions will immediately enhance our ability to support critical missions across defense, national security and public safety sectors. We're excited to welcome co-founders Gaurav 'GP' Pal and Fawad Siraj and the entire stackArmor team to the Tyto family as we work together to help our customers achieve mission success."
Tyto connects government and defense leaders with technologies to seamlessly integrate and modernize enterprise-level operations, increasing mission resiliency, capability and flexibility for U.S. agencies around the globe. As a wholly-owned subsidiary, stackArmor will provide Tyto with industry-leading cloud strategy, migration and cloud managed services for regulated industries in compliance with FedRAMP, FISMA, CMMC, HIPAA, StateRAMP, CJIS and NIST standards. stackArmor will also provide its cyber automation and continuous monitoring solutions, ThreatAlert® Security Platform and Continuous ATO (cATO), to further bolster Tyto's cyber support for government partners.
"By combining the capabilities of Tyto and stackArmor, we're able to deliver secure and cost-efficient digital infrastructure that accelerates the mission of our government and defense customers through automation," said Gaurav "GP" Pal, Principal of stackArmor. "We share a deep commitment to public sector innovation, and we look forward to joining the Tyto family to propel business growth and operational excellence."
Since 2016, stackArmor has been a global trusted provider of compliance-based cloud solutions for the public sector. The Company's trademarked ATO for AI™ and ThreatAlert® Security platforms have helped agencies across defense, space and healthcare markets reduce the time and cost of an ATO by 40%. Ranked #26 in the Top 100 Cloud Managed Services Providers, stackArmor will strengthen Tyto's delivery of scalable cloud and compliance-driven solutions across the federal and defense landscape.
"The acquisition of stackArmor complements Tyto's acquisitions of MindPoint Group and Microtel, underscoring our commitment to building a differentiated portfolio of mission-enabling technologies and services," said Michael Lustbader, a Managing Partner at Arlington Capital Partners. "Their expertise in automation and cloud enhances Tyto's position in delivering secure, compliant cloud solutions and supports Tyto's development into a premier end-to-end digital transformation partner for the Federal government."
About Tyto Athene
Tyto Athene delivers secure, mission-critical technology solutions that empower defense, intelligence, and civilian agencies to modernize infrastructure, strengthen cybersecurity, and stay ahead of evolving threats. As a mission-driven integrator, we combine deep technical expertise with a hands-on, collaborative approach to ensure agencies have the tools needed for operational success. From network modernization to cyber defense, we help organizations turn data into actionable insights, enabling information dominance and greater mission effectiveness. Our commitment to innovation and customer success drives us to deliver solutions that enhance security, resilience, and communications across the government landscape. Headquartered in Reston, VA, Tyto has eleven offices in the U.S. and Europe. For more information, visit https://gotyto.com/ or follow Tyto on LinkedIn.
About Arlington Capital Partners
Arlington Capital Partners is a Washington, D.C.-area private investment firm specializing in government-regulated industries. The firm partners with founders and management teams to build strategically important businesses in the government services and technology, aerospace and defense, and healthcare sectors. Since its inception in 1999, Arlington has invested in over 175 companies and is currently investing out of its $3.8 billion Fund VI. For more information, visit Arlington's website at https://arlingtoncap.com/.
View original content to download multimedia: https://www.prnewswire.com/news-releases/tyto-athene-acquires-stackarmor-inc-to-expand-cyber-compliance-and-cloud-capabilities-for-government-customers-302449279.html
SOURCE Tyto Athene, LLC
Related Articles


Forbes
DoD Secretary Hegseth Draws A Line: Cybersecurity No Longer Optional
When Secretary of Defense Pete Hegseth talks about strengthening America's military edge, he does not just mean more ships or jets. He also means securing the digital backbone that makes them work.
On July 18, 2025, Hegseth issued a DoD memorandum titled 'Enhancing Security Protocols for the Department of Defense' ordering a comprehensive review of all IT and cloud capabilities to protect against supply chain threats from adversaries such as China and Russia. He explicitly directed Katie Arrington, the DoD CIO, to leverage CMMC as a key mechanism for fortifying the Defense Industrial Base. The memorandum required implementing guidance within 15 days and empowered the undersecretary for intelligence and security to audit personnel and insider threat programs of DIB vendors. Hegseth stated 'The DoD will not procure any hardware or software susceptible to adversarial foreign influence…' and declared that CMMC must be central to this effort.
That memo came just as CMMC's formal regulatory framework was finalized. CMMC is no longer optional for companies and contractors who handle Controlled Unclassified Information or Federal Contract Information. The final rule was drafted in 2024 and submitted to OIRA on July 22, 2025. Once approved and published in the Federal Register, it will take effect and trigger Phase 1 implementation. By October 1, 2025, most new Department of Defense contracts will require CMMC. After October 31, 2026, certification will not just be a best practice. It will be the price of admission to the defense market, which is expected to reach $320.86 billion in 2025.
What Is CMMC
CMMC stands for Cybersecurity Maturity Model Certification.
It is the framework the Department of Defense created to ensure that every company doing work for the Pentagon, from aerospace giants to small parts suppliers, has cybersecurity practices 'up to the task' of defending against cyber intrusions, according to In plain terms, CMMC requires defense contractors and their subcontractors to implement specified security controls and prove compliance through formal certification. This is not a paperwork drill. It is about safeguarding sensitive unclassified data like contract details and technical drawings that adversaries, including nation‑state hackers, would love to steal.
Under the current CMMC 2.0 version, there are three certification levels, down from five in the original model. Level 1 covers basic cybersecurity for companies handling only Federal Contract Information. Level 2 is for contractors with Controlled Unclassified Information and aligns with all 110 security requirements of NIST SP 800‑171. Level 3 is for the most critical national security programs. The vast majority of the more than 220,000 companies in the Defense Industrial Base will fall under Level 1 or 2. Level 1 can be achieved via annual self‑assessments, but Level 2 requires a third‑party audit for most contracts handling Controlled Unclassified Information. Self‑attested 'good enough' security is no longer good enough.
How CMMC Came About
CMMC was born from hard lessons. For years the Pentagon relied on an honor system that allowed contractors to self‑attest that they followed required cybersecurity rules. Too many companies checked the box without truly being secure. The results were devastating. 'Massive data breaches, intellectual property theft, and nation‑state cyber intrusions that cost billions and compromised national security,' is how one Department of Defense CMMC leader described the fallout, according to Coalfire Federal.
A 2023 Department of Defense Inspector General audit found that eight out of ten contractors reviewed had failed to implement all required security controls from NIST 800‑171. These were the very controls meant to protect critical data. Meanwhile, Department of Defense networks face millions of intrusion attempts every day, many by state‑sponsored actors. The Department knew voluntary compliance was not working.
Enter Katie Arrington, a former state legislator turned Pentagon cybersecurity official who became the chief architect and evangelist of CMMC. Arrington bluntly voiced the new reality: 'If you want to work with the Department of Defense, you have to prove you can protect our data. Period.' CMMC was first rolled out in 2019 and 2020 with five levels. It encountered delays and was overhauled in 2021 to simplify to three levels, but its core mission never changed. Upon returning to the Department in 2025, Arrington emphasized, 'The CMMC is going to stay in place. There's no question about that.' The Pentagon had drawn a line. Cybersecurity is no longer an optional add‑on to defense contracting.
CMMC Becomes Mandatory
After years of planning and speculation, CMMC is moving full speed ahead and compliance is now mandatory for defense contractors. On July 22, 2025, the Department of Defense submitted the final rule to amend Title 48 of the Code of Federal Regulations to the Office of Information and Regulatory Affairs for review. Once approved and published in the Federal Register, the rule will go into effect shortly after. At that point, CMMC requirements can begin appearing in new contracts through a Defense Federal Acquisition Regulation Supplement, known as DFARS clause 252.204-7021. This marks the formal start of Phase 1, where contractors must attest to full implementation of the 110 controls in NIST SP 800-171, which govern how to protect Controlled Unclassified Information.
Third-party certification will follow in Phase 2, expected approximately one year later.
These requirements will phase in quickly. 'On or after October 1, 2025,' nearly all new Department of Defense solicitations and contracts will include CMMC requirements. By the start of fiscal year 2026, CMMC will be written into almost every new RFP and contract. Until now, only some contracts included CMMC as a pilot or optional requirement. By October 2025, it will flip from niche to nearly universal.
Phase 1 will begin once the updated CMMC rule is published and DFARS 252.204-7021 begins appearing in new contracts. If a contract includes CMMC Level 2 compliance, your organization must already be fully compliant with all 110 NIST SP 800‑171 controls at the time of award. Self-attestation is allowed in this phase, but only if all requirements are met. Partial scores and open plans to improve later will not be accepted. Third-party certification will be required in Phase 2, which is expected to begin approximately one year later.
By October 31, 2026, all contractors are expected to be fully certified to continue competing in most defense contracts. While existing contracts may continue to run their course, new awards and option renewals are expected to require certification. For most of the defense industrial base, this date marks the end of the runway.
The consequences are severe. A 2022 Government Accountability Office report estimated that if CMMC Level 2 standards were enforced immediately, more than 50 percent of the Defense Industrial Base would be ineligible for new Department of Defense contracts because they lacked the required security practices. That hypothetical scenario is now becoming real. Companies that delay certification will lose the ability to compete for Defense Department business. The Pentagon has even suggested legal ramifications for misrepresentation, citing the False Claims Act for egregious cases. But the primary risk is business driven.
No certificate means no contract. Even worse, if you suffer a breach, your reputation is on the line, your contracts are in jeopardy, and likely your entire business. CMMC is not just about compliance. It is about building real security.
Big Primes And Small Suppliers
CMMC applies across the entire supply chain. The largest prime contractors, midsize firms and the smallest subcontractors must all comply. This universality is by design. A chain is only as strong as its weakest link. A 50-person supplier with poor security can be the entry point that lets hackers steal fighter jet blueprints from a major defense contractor. We have seen this story before. The 2020 SolarWinds compromise showed how one software provider's lapse gave adversaries a back door into federal agencies and Fortune 500 companies. In 2021 the Kaseya attack on a managed services provider rippled through hundreds of downstream businesses. These incidents underscore the reality that a single weak link can become a national security risk.
Prime contractors are already writing CMMC into their subcontracts. Many are refusing to work with partners who lack certification. Some solicitations now explicitly state that subcontractors must hold a current CMMC 2.0 certification to be eligible. Small and mid‑sized suppliers cannot assume they will fly under the radar. Their larger customers will demand proof of compliance or find someone else who can provide it.
For government buyers, CMMC is also a game‑changer. Acquisition officials are incorporating CMMC into RFPs and evaluating bids with cybersecurity weighted alongside cost, schedule and performance. Contractors that are not certified will not even make it to the selection table. The message from the top could not be clearer. The Defense Department has stated that these cybersecurity requirements 'must be in place before companies can bid on defense contracts,' according to Many primes are not waiting for the final rule.
Subcontractors are already being asked whether they have scheduled their assessment with a CMMC Third Party Assessment Organization. The window to prepare is closing.
How To Prepare Now
For executives and business owners in the defense sector, the question is simple. What do we do now?
The Days Of Box Checking Are Over
For defense contractors, complying with CMMC is both a challenge and an opportunity. Those who invest in cybersecurity will gain trust and future business. Those who do not will find themselves locked out of the defense market. Secretary Hegseth summed up both the Pentagon's and the Trump administration's stance bluntly: 'The days of box checking are over. This is about protecting the nation's data and holding every contractor to that standard.'
October 2025, when CMMC requirements hit most new contracts, is almost here. By October 2026 there will be no exceptions. CMMC is not a hoop to jump through. It is the new standard for doing business. For every company in the Defense Industrial Base the choice is clear. Prove you can protect the nation's data or watch those contracts go to someone else who can.


Business Wire
Hexagon US Federal Achieves CMMC Level 2 Certification
CHANTILLY, Va.--(BUSINESS WIRE)--Hexagon US Federal is proud to announce its successful achievement of Cybersecurity Maturity Model Certification (CMMC) Level 2—an important validation of the company's resilient cybersecurity infrastructure and its ability to protect data across all systems and operations.
The certification affirms Hexagon US Federal's adherence to the Department of Defense's rigorous cybersecurity standards, ensuring the protection of all data and systems across its operations. By achieving CMMC compliance, Hexagon US Federal demonstrates its dedication to maintaining secure and resilient systems for defense and federal partners.
'Achieving CMMC Level 2 is a significant milestone that reflects the relentless work and expertise of our IT and Cybersecurity teams,' said Lisa Vaughan, Executive Director of Information Technology. 'This accomplishment underscores our ability to meet rigorous federal standards and maintain a proactive cybersecurity posture critical to supporting the defense missions.'
Hexagon US Federal will continue investing in cybersecurity practices to stay ahead of evolving threats and support the defense industrial base with confidence and integrity.
About Hexagon: Hexagon is the global leader in measurement technologies. We provide the confidence that vital industries rely on to build, navigate, and innovate. From microns to Mars, our solutions ensure productivity, quality, and sustainability in everything from manufacturing and construction to mining and autonomous systems. Hexagon (Nasdaq Stockholm: HEXA B) has approximately 24,800 employees in 50 countries and net sales of approximately 5.4bn EUR. Learn more at
Hexagon US Federal provides world-class solutions for C4ISR, installation security, GIS, sensing capabilities, and position, navigation, and timing solutions.
Dedicated to the delivery of Hexagon technology and services to the US Federal government, including defense, intelligence, and civilian organization, we deliver unique solutions that help our customers design, build, maintain, manage, operate, and protect. Learn more at
Yahoo
30-07-2025
Atomus Achieves CMMC Level 2 Certification to Strengthen Defense Compliance Readiness
SAN FRANCISCO, July 30, 2025 /PRNewswire/ -- Atomus, a cybersecurity solutions provider specializing in the aerospace and defense sector, today announced it has successfully achieved Cybersecurity Maturity Model Certification (CMMC) Level 2 status with a perfect 110 out of 110 score. The certification was awarded following a formal third-party assessment completed in April 2025, reinforcing Atomus' position as a leader in defense-grade cybersecurity and compliance enablement.
"Achieving CMMC Level 2 is a major milestone for Atomus. It reflects our commitment to safeguarding sensitive data and supporting defense contractors with a platform that meets the highest federal security standards." – Joel Joseph, Co-founder of Atomus
Atomus earned its certification by utilizing Atomus Aegis, the company's managed security service platform designed specifically for small and midsize contractors. Aegis combines secure, FEDRAMP Moderate-authorized infrastructure with built-in tools for compliance documentation, artifact generation, and real-time monitoring.
Achieving CMMC Level 2 not only validates Atomus' own security posture—it strengthens the foundation for its 100+ aerospace and defense customers. With this certification, Atomus customers benefit from:
- Access to a proven compliance path backed by certified infrastructure
- Increased audit confidence and assessment readiness
- Expert advisory services to navigate evolving DoD regulations
About Atomus
Atomus was founded in 2019 as part of a Department of Defense initiative to develop advanced cybersecurity solutions. Originally built for internal use, Atomus Aegis was designed to simplify and automate complex compliance tasks tied to NIST 800-171, DFARS 7012, ITAR, and CMMC. After recognizing that other small businesses faced similar challenges, Atomus expanded its platform to serve the broader defense industry. Today, it's trusted by over 100 defense contractors and DoD customers to streamline cybersecurity compliance.
For more information visit or contact Joel Joseph at cmmc@
SOURCE Atomus Corporation