- NetImpact has achieved CMMC Level 2 certification
- The certification indicates that NetImpact is compliant with the cybersecurity requirements outlined in National Institute of Standards and Technology Special Publication 800-171
- Compliance with CMMC Level 2 requirements will be mandatory for contractors seeking to compete in relevant acquisitions
IT services and consulting company NetImpact Strategies has achieved Level 2 certification under the Department of War’s Cybersecurity Maturity Model Certification Program.
What Does CMMC Level 2 Certification Mean for NetImpact?
NetImpact said the CMMC Level 2 certification validates its implementation of cybersecurity practices and processes meant to protect Controlled Unclassified Information. In particular, CMMC Level 2 requires compliance with practices aligned with National Institute of Standards and Technology Special Publication 800-171.
Commenting on the certification, NetImpact Chief Operating Officer Stephanie Wilson said, “Achieving CMMC Level 2 reflects out ongoing investment in cybersecurity and our commitment to protecting our customers’ sensitive information while supporting critical federal missions.”
How Many GovCons Are CMMC Level 2 Compliant?
NetImpact joins the ranks of government contractors like Tycho.AI, DecisionPoint and ASRC Federal, which have achieved CMMC Level 2 certification as well. ASRC Federal Chief Information Security Officer Ron Davis noted in May that only a little over 1,000 companies had so far been fully certified for CMMC Level 2 — about 2% of the total number of organizations that must become compliant.
Non-compliant GovCons would be barred from competing for relevant solicitations. Of particular significance is the impending phase 2 of the CMMC rollout. Expected to go into effect this November, phase 2 would make assessments via Certified Third-Party Assessor Organizations, or C3PAOs, mandatory for relevant contract opportunities.
NetImpact’s certification was conferred following an independent assessment by a C3PAO.


