Castellum, Inc. announced that it has achieved Cybersecurity Maturity Model Certification (CMMC) Level 2, a milestone that expands the company’s eligibility to bid on U.S. Department of Defense (DoD) contracts that require protection of Controlled Unclassified Information (CUI). The certification, completed on April 23, 2026, demonstrates that Castellum meets the 110 security controls outlined in NIST SP 800‑171 and has been validated by an accredited Certified Third‑Party Assessment Organization (C3PAO).
The assessment revealed that Castellum met all 110 controls and 320 objectives of the Level 2 framework, achieved a perfect 110 score, and had no open Plan of Action and Milestones. These results underscore the company’s robust security posture and its commitment to safeguarding sensitive information for customers and partners. The CMMC 2.0 rollout began requiring contractual compliance in November 2025, so Castellum’s certification positions it ahead of the full implementation of these requirements.
With Level 2 certification, Castellum can now respond to Requests for Proposals that mandate this standard, strengthen relationships with prime and subcontractor partners, and validate its cybersecurity maturity to current and prospective clients. The certification is a key enabler for expanding the company’s business within the DoD sector, where cybersecurity compliance is becoming a prerequisite for contractors handling sensitive government information.
Chief Operating Officer Drew Merriman said, "Achieving CMMC Level 2 certification is a significant milestone for our organization. We met all 110 controls and 320 objectives of the Level 2 framework with no open Plan of Action and Milestones and a perfect 110 score. This demonstrates the strength of our security posture and our dedication to protecting the information entrusted to us by our customers and partners." President and CEO Glen Ives added, "CMMC is a strong validation of our capabilities and the discipline we bring to protecting sensitive information. I am proud of our team's hard work and the robust processes they implemented that enabled a successful C3PAO assessment. Having this certification is critical to continuing to grow and win contracts with DoD. We have implemented a step‑by‑step technical roadmap prioritizing milestones to enable continued growth. With CMMC complete, the next action on our roadmap is the overhaul and re‑design of our company's website, which we expect to launch during the second quarter."
The certification comes at a time when the DoD is increasingly mandating cybersecurity compliance for its contractors. Castellum’s achievement places it in a competitive position within the defense industrial base, where companies that secure CMMC certification gain an advantage over those that have not yet met these stringent standards. The company’s next step—overhauling its website—signals a broader strategy to enhance its digital presence and support future growth initiatives.
No immediate market reaction was reported following the announcement.
The content on EveryTicker is for informational purposes only and should not be construed as financial or investment advice. We are not financial advisors. Consult with a qualified professional before making any investment decisions. Any actions you take based on information from this site are solely at your own risk.