On April 6, Koniag Government Services (KGS) announced it has achieved Cybersecurity Maturity Model Certification (CMMC) Level 2 through an independent external assessment conducted by an authorized Certified Third-Party Assessment Organization (C3PAO).
CMMC Level 2 is the U.S. Department of War’s (DoW) mandatory cybersecurity standard for contractors handling Controlled Unclassified Information (CUI). The certification validates that KGS has implemented and operationalized all 110 security requirements outlined in NIST SP 800-171, with evidence-based validation through rigorous third-party assessment.
“Our defense mission partners entrust us with critical programs and sensitive information that directly impact national security,” said Matt Carle, chief operating officer, defense line of business at KGS. “CMMC Level 2 certification validates that we have the robust cybersecurity controls and discipline required to honor that trust. This milestone ensures we can continue to securely support our customers in the DoW’s increasingly complex mission.”
As of January 2025, fewer than 800 organizations across the Defense Industrial Base have achieved CMMC Level 2 certification—representing less than 1% of the estimated 118,000 companies expected to require this certification under the DoW’s CMMC program. This places KGS among the earliest adopters to meet the new standard ahead of upcoming contract requirements.
“Achieving CMMC Level 2 certification demonstrates our unwavering commitment to protecting sensitive government information and supporting our mission partners with the highest levels of cybersecurity assurance,” said Kevin Wideman, CEO at KGS. “This milestone strengthens our competitive position and reduces program delivery risk as cybersecurity requirements become increasingly critical across the federal contracting landscape.”
The CMMC program, which became mandatory through the Final Rule published in October 2024, requires defense contractors to undergo independent third-party assessments to verify cybersecurity practices. Level 2 certification is required for contractors processing, storing, or transmitting CUI on behalf of the DoW.
“Achieving CMMC Level 2 certification requires more than the right policies and tools. It involves making security an integral part of our culture and daily operations,” said Eric Reyes, chief security officer at KGS. “Everyone at KGS contributed to this achievement, from Security and IT teams implementing technical controls to employees adopting new procedures. This collaboration strengthens our cybersecurity and drives continuous improvement, rather than simply meeting requirements on paper.”
Source: Koniag Government Services
IC News delivers the situational awareness you need to get ahead and stay ahead in the IC contracting space. Subscribe today for full access to 10,000+ articles, plus new articles each weekday.
By 
