Latest news with #CybersecurityMaturityModelCertification
Business Wire
3 days ago
- Business
- Business Wire
Hexagon US Federal Achieves CMMC Level 2 Certification
CHANTILLY, Va.--(BUSINESS WIRE)--Hexagon US Federal is proud to announce its successful achievement of Cybersecurity Maturity Model Certification (CMMC) Level 2—an important validation of the company's resilient cybersecurity infrastructure and its ability to protect data across all systems and operations. The certification affirms Hexagon US Federal's adherence to the Department of Defense's rigorous cybersecurity standards, ensuring the protection of all data and systems across its operations. By achieving CMMC compliance, Hexagon US Federal demonstrates its dedication to maintaining secure and resilient systems for defense and federal partners. 'Achieving CMMC Level 2 is a significant milestone that reflects the relentless work and expertise of our IT and Cybersecurity teams,' said Lisa Vaughan, Executive Director of Information Technology. 'This accomplishment underscores our ability to meet rigorous federal standards and maintain a proactive cybersecurity posture critical to supporting the defense missions.' Hexagon US Federal will continue investing in cybersecurity practices to stay ahead of evolving threats and support the defense industrial base with confidence and integrity. About Hexagon: Hexagon is the global leader in measurement technologies. We provide the confidence that vital industries rely on to build, navigate, and innovate. From microns to Mars, our solutions ensure productivity, quality, and sustainability in everything from manufacturing and construction to mining and autonomous systems. Hexagon (Nasdaq Stockholm: HEXA B) has approximately 24,800 employees in 50 countries and net sales of approximately 5.4bn EUR. Learn more at Hexagon US Federal provides world-class solutions for C4ISR, installation security, GIS, sensing capabilities, and position, navigation, and timing solutions. Dedicated to the delivery of Hexagon technology and services to the US Federal government, including defense, intelligence, and civilian organization, we deliver unique solutions that help our customers design, build, maintain, manage, operate, and protect. Learn more at
Business Wire
28-07-2025
- Business
- Business Wire
PURVIS Systems Achieves CMMC Level 2 Certification with Perfect Assessment Score
MIDDLETOWN, R.I.--(BUSINESS WIRE)--PURVIS Systems Incorporated, a Rhode Island-based engineering and professional technical services company, today announced it has successfully achieved Level 2 Cybersecurity Maturity Model Certification (CMMC). This significant milestone was achieved entirely through internal talent and expertise, and it underscores PURVIS Systems' commitment to cybersecurity excellence. To obtain CMMC Level 2 certification, PURVIS was assessed by a CMMC Third Party Assessment Organization (C3PAO) and received a perfect audit score. This perfect score demonstrates the company's comprehensive implementation of all 110 security controls outlined in NIST Special Publication 800-171 and it validates PURVIS Systems' ability to protect Controlled Unclassified Information (CUI) at the highest standards required by the Department of Defense (DoD). "This achievement represents our unwavering commitment to cybersecurity excellence and our dedication to protecting sensitive information," said Joseph Drago, CEO of PURVIS Systems. "Our team's ability to achieve a perfect score through internal expertise alone showcases the caliber of talent and technical capability we bring to supporting our defense industry and public safety partners. We are proud to continue our 52-year legacy of delivering sustained engineering solutions that our mission-critical clients need to protect our nation's security, property and lives." Of the tens of thousands of companies that the Federal government will require to be CMMC Level 2 certified, PURVIS Systems is among the first few hundred companies to have achieved that important certification. This positions the company well ahead of the October 2025 deadline when CMMC Level 2 certification becomes a mandatory DoD contractual requirement for prime contractors and their subcontractors. This early achievement demonstrates PURVIS Systems' proactive approach to cybersecurity and reinforces the company's commitment to protecting sensitive government information. About CMMC Certification The Cybersecurity Maturity Model Certification (CMMC) is a unified standard for implementing cybersecurity across the defense industrial base. CMMC Level 2 requires organizations to implement 110 security controls to protect CUI, ensuring contractors can adequately safeguard sensitive defense information. About PURVIS Systems PURVIS Systems is a Rhode Island-based company with over 50 years of experience supporting the Department of Defense and Public Safety organizations nationwide. The company provides engineering and professional technical services and is driven to provide customers with sustainable, engineered solutions needed to protect our nation's security – on land and at sea. Capabilities include systems development and integration, operational assessment and testing, alteration development and installation, product lifecycle support, facilities operations and management, field support and maintenance, and fire station alerting. For more information about PURVIS Systems' cybersecurity capabilities and CMMC certification, visit or contact reachus@
Malaysian Reserve
24-07-2025
- Business
- Malaysian Reserve
GRS Technology Solutions Achieves CMMC Level 2 Certification with A-LIGN, Reinforcing Its Role as a Trusted Partner for Federal Cybersecurity Compliance
WASHINGTON, July 24, 2025 /PRNewswire/ — GRS Technology Solutions, a trusted IT, cybersecurity, and compliance provider dedicated to protecting federal contractors and their missions, proudly announces that it has successfully achieved Cybersecurity Maturity Model Certification (CMMC) Level 2, following a rigorous third-party assessment conducted by A-LIGN, a leading C3PAO. This significant milestone positions GRS among a select group of Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) certified to meet the Department of Defense's cybersecurity requirements for handling Controlled Unclassified Information (CUI). The certification reflects GRS's commitment to implementing mature, repeatable security practices that meet the 110 controls outlined in NIST SP 800-171 Rev 2. GRS is also a Registered Provider Organization (RPO), recognized by the Cyber AB for its ability to deliver consulting services aligned with the CMMC framework. 'We've always prioritized security and compliance internally and for our clients. Achieving CMMC Level 2 is a testament to the systems, processes, and culture of cybersecurity we've built over the years,' said Larry Burbano, CEO of GRS. 'This certification not only reinforces our credibility, but it also enables us to better support federal contractors who are navigating their own CMMC journey.' Throughout this journey, we put in countless late nights to develop a detailed Customer Responsibility Matrix (CRM) that clearly outlines ownership and responsibility for each assessment objective. It's designed to ensure mutual accountability. Our clients can hold us accountable, and we can do the same in return. What This Means for Clients: End-to-End Confidence: GRS applies the same high standards of security and compliance to your environment as we do to our own – whether you're using Windows or macOS systems. Certified Expertise: With Certified CMMC Assessors (CCAs) and Certified CMMC Professionals (CCPs) on staff, GRS brings deep, in-house expertise to every stage of your compliance journey. From gap assessments and remediation to full audit readiness. We don't just prepare you for the assessment; we sit at the table and represent you when it matters most. Ownership: We take full ownership of the CMMC journey alongside our clients. From advising and implementing to managing and supporting each control and assessment objective, we move with purpose – and expect you to keep pace. Think of us as your personal CMMC trainer, keeping you on track every step of the way. A Competitive Edge for Clients: Partnering with a CMMC-certified MSP/MSSP gives federal contractors a clear advantage in achieving CMMC compliance and strengthening their position to win federal contracts. About GRS Technology Solutions: GRS Technology Solutions isn't your typical Managed Service Provider (MSP) and Managed Security Service Provider (MSSP). We're built differently. We are a team of A+ players driven by a clear mission: to deliver excellence without compromise. At GRS, mediocrity has no place. We don't chase volume; we focus on impact. Our clients are federal contractors who demand precision, reliability, and results, and that's exactly what we deliver. With years of proven experience and deep expertise in the Defense Industrial Base, we provide fully managed IT services, cutting-edge FedRAMP-approved cybersecurity solutions, and hands-on CMMC implementation support. If you're looking for a partner who plays at the highest level, you've just found one. Whether you're preparing for CMMC L1/L2, facing a DIBCAC audit, navigating DFARS and NIST 800-171 requirements, or modernizing legacy systems, GRS is the trusted partner devoted to protecting your mission, your data, and your future. For more information visit
Associated Press
16-07-2025
- Business
- Associated Press
By Light Achieves CMMC-Level 2 Certification
- By Light Achieves CMMC Level 2 Certification, Strengthening Commitment to Cybersecurity for DoD and Federal Customers - MCLEAN, Va., July 16, 2025 (SEND2PRESS NEWSWIRE) — By Light Professional IT Services LLC (By Light) is proud to announce that it has been officially appraised at Cybersecurity Maturity Model Certification (CMMC) Level 2, demonstrating the company's deep commitment to safeguarding Controlled Unclassified Information (CUI) and meeting the cybersecurity requirements of the U.S. Department of Defense (DoD). CMMC Level 2 represents a critical milestone for defense contractors, requiring the implementation of 110 security practices aligned with the National Institute of Standards and Technology (NIST) SP 800-171. By Light's successful appraisal underscores its operational readiness and adherence to stringent security standards across its internal systems, processes, and partner networks. This certification further positions By Light as a trusted provider of secure digital transformation services for the federal government, including cyber operations, DevSecOps, and Zero Trust implementations. The CMMC Level 2 appraisal was conducted by a CMMC Third Party Assessor Organization (C3PAO) and is valid for three years. By Light continues to invest in comprehensive cybersecurity governance across its classified and unclassified offerings and remains committed to continuous improvement as CMMC evolves in future phases. About By Light: By Light Professional IT Services LLC is an ISO 9001, 20000-1, and 27001 registered and CMMI-Dev Level 3 rated systems engineering company that provides secure turnkey systems by incorporating exceptional engineering, project management, telecommunications, and cyber capabilities to safeguard mission success. Founded by industry professionals with extensive knowledge in DoD, DISA, and other U.S. Government agencies, By Light successfully implements technical solutions that integrate commercial best practices to meet the needs of the government. For more information, visit LOGO link for media: NEWS SOURCE: By Light Professional IT Services Keywords: Cyber Security and Infosec, By Light Professional IT Services LLC, DoD and Federal Customers, Cybersecurity Maturity Model Certification CMMC, Military, Defense, Government, Armed Forces, MCLEAN, Va. This press release was issued on behalf of the news source (By Light Professional IT Services) who is solely responsibile for its accuracy, by Send2Press® Newswire. Information is believed accurate but not guaranteed. Story ID: S2P127758 APNF0325A To view the original version, visit: © 2025 Send2Press® Newswire, a press release distribution service, Calif., USA. RIGHTS GRANTED FOR REPRODUCTION IN WHOLE OR IN PART BY ANY LEGITIMATE MEDIA OUTLET - SUCH AS NEWSPAPER, BROADCAST OR TRADE PERIODICAL. MAY NOT BE USED ON ANY NON-MEDIA WEBSITE PROMOTING PR OR MARKETING SERVICES OR CONTENT DEVELOPMENT. Disclaimer: This press release content was not created by nor issued by the Associated Press (AP). Content below is unrelated to this news story.
Yahoo
11-07-2025
- Business
- Yahoo
Why CMMC is Essential for DoD Contractors: Cybersecurity Compliance Insights Released by Info-Tech Research Group
With increasing cyber threats targeting the defense supply chain, Cybersecurity Maturity Model Certification (CMMC) compliance is now a critical factor for contract eligibility. Info-Tech Research Group's blueprint equips contractors and subcontractors with practical strategies to meet evolving cybersecurity standards and safeguard sensitive information. TORONTO, July 11, 2025 /PRNewswire/ - A growing wave of cyberthreats targeting defense contractors has underscored the need for a consistent and enforceable framework to safeguard Controlled Unclassified Information (CUI) and strengthen the resilience of the defense supply chain. Global research and advisory firm, Info-Tech Research Group, has published insights and guidance on the situation in a new resource, Achieve CMMC Compliance Effectively. While the CMMC aims to provide exactly that, many contractors continue to face significant roadblocks in achieving compliance. Legacy systems, limited internal expertise, evolving requirements, and high implementation costs are just some of the challenges slowing down progress. The firm's research-based resource offers a focused and practical approach to compliance to help contractors navigate these issues by equipping defense organizations with the tools needed to meet certification requirements and maintain eligibility for Department of Defense (DoD) contracts. Info-Tech's blueprint makes it clear that CMMC applies to all prime and subcontractors working with the DoD. The framework is critical for protecting both Federal Contract Information (FCI) and CUI, which are often shared across multiple tiers of suppliers and service providers. However, a significant number of organizations continue to face challenges meeting these requirements, often due to system integration and data flow issues, which are further complicated by confusion around evolving compliance expectations. "Not providing the required level of assessment or certification to the DoD puts organizations at risk of losing eligibility to bid on or be awarded defense contracts," says Safayat Moahamad, research director at Info-Tech Research Group. "More importantly, organizations that proactively invest in cybersecurity resilience gain a competitive advantage by strengthening their ability to bid on DoD contracts and demonstrating trustworthiness in handling sensitive defense data." Info-Tech's insights published in the resource highlight that Organizations Seeking Certification (OSCs), and Organizations Seeking Assessment (OSAs), must choose their target compliance level and implement the corresponding controls. The certification level required for specific contracts will be stated in each DoD solicitation. This means contractors must be proactive and align their security practices with anticipated contract demands. Understanding the CMMC Levels To support this effort, Info-Tech's Achieve CMMC Compliance Effectively blueprint outlines four key CMMC levels, each designed to match the type and sensitivity of data a contractor handles: Level 1: Foundational (Self-Assessed) - For contractors handling Federal Contract Information (FCI). Requires full implementation of 15 basic security controls and annual self-affirmation. Conditional status is not permitted at this level. Level 2: Advanced (Self-Assessed) - Designed for contractors handling Controlled Unclassified Information (CUI). Level 2 requires the implementation of 110 controls from NIST SP 800-171. Organizations must score at least 80% and close any remediation items within 180 days, and complete annual affirmation and reassessment every three years. Level 2: Advanced (Third-Party Assessed) - Similar to the self-assessed Level 2, but compliance is verified by an accredited third-party assessor (C3PAO). This level is required for some contracts, depending on Department of Defense (DoD) solicitation terms. Level 3: Expert (Government Assessed) - Level 3 is for organizations supporting critical defense programs. It requires a Level 2 C3PAO certification. In addition, 24 controls from NIST SP 800-172 must be assessed by the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC). "By addressing the challenges of CMMC compliance early and with purpose, organizations can move beyond simply checking boxes," explains Moahamad. "In a competitive defense landscape, effective compliance is not just a requirement; it is a key differentiator." For exclusive and timely commentary from Safayat Moahamad, an expert in privacy, legal, and compliance fields, and access to the complete Achieve CMMC Compliance Effectively blueprint, please contact pr@ About Info-Tech Research GroupInfo-Tech Research Group is one of the world's leading research and advisory firms, serving over 30,000 IT and HR professionals. The company produces unbiased, highly relevant research and provides advisory services to help leaders make strategic, timely, and well-informed decisions. For nearly 30 years, Info-Tech has partnered closely with teams to provide them with everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations. To learn more about Info-Tech's divisions, visit McLean & Company for HR research and advisory services and SoftwareReviews for software buying insights. Media professionals can register for unrestricted access to research across IT, HR, and software and hundreds of industry analysts through the firm's Media Insiders program. To gain access, contact pr@ For information about Info-Tech Research Group or to access the latest research, visit and connect via LinkedIn and X. View original content to download multimedia: SOURCE Info-Tech Research Group
