CMMC Partner Information

NSTXL’s CMMC Partners
Help You Get Certified

NSTXL has partnered with trusted vendors to support organizations in achieving the Cybersecurity Maturity Model Certification (CMMC) level that aligns with their specific requirements. 

Whether you are just beginning your CMMC journey or preparing for a higher-level certification, NSTXL connects you with the right partner to help you navigate requirements efficiently and with confidence.

NSTXL requires all members to complete a CMMC Level 2 Self-Assessment by November 10, 2026, or members risk losing access to their membership.

Our Partners

NSTXL offers two different vendors for CMMC compliance, depending on your specific needs. Read more about each partner below to determine which path best fits your compliance level needs. If you’d like more information, or aren’t sure which to choose, reach out to us at membership@nstxl.org.

Beskar Inc. Logo Beskar

NSTXL’s partnership with Beskar Inc enhances support for organizations pursuing CMMC compliance by providing secure, CMMC Level 1 and 2–aligned infrastructure and expert cybersecurity services, helping streamline the path to audit readiness.

Beskar is a great option if you need:

  • CMMC Level 1 or 2–compliant secure virtual desktop environments designed to support protected workloads.
  • Specialized cybersecurity and IT consulting, including staff augmentation, to extend your team’s capabilities.
  • End-to-end secure data solutions, including storage, integration, visualization, and advanced analytics.
  • Secure infrastructure to support defense-focused environments.

Penacity Logo Penacity

NSTXL has partnered with Penacity, an authorized Third-Party Assessment Organization (C3PAO) accredited by the CyberAB, offering both assessment services and a purpose-built solution to simplify CMMC Level 2 compliance.

Penacity is a great option if you need:

  • A more streamlined and predictable path to CMMC compliance including:
    • GAP Analysis
    • Implementation
    • CMMC L1 Attestation
    • Full C3PAO CMMC L2 Assessment Services to obtain your Certification
  • A secure, isolated environment addressing up to 95 of the 110 CMMC L2 controls for handling Controlled Unclassified Information (CUI), already implemented and managed in (Penacity High-Assessed Secure Environment (PHASE)).

Their enclave significantly reduces the cost, complexity, and internal effort typically associated with achieving certification, especially for niche industries with special requirements like manufacturing, logistics, high end development, and construction.

Certification Levels and Requirements

Certification requirements vary by level, but all come directly from the Department of War and will be phased into contracts over the next several years.

Level 1 Requirements (Foundational)

Requires organizations to implement 17 basic cyber hygiene practices derived from FAR 52.204-21. Certification can be achieved through a self-assessment submitted annually through the Supplier Performance Risk System (SPRS).

Level 2 Requirements (Advanced)

Aligned with the 110 security controls within NIST SP 800-171 Revision 2. Some contracts will allow for Level 2 self-assessments, but most will require an independent evaluation conducted by a Certified Third-Party Assessment Organization (C3PAO).

Level 3 Requirements (Expert)

Aligned with the 110 security controls in NIST SP 800-171 Revision 2, along with an additional 24 controls outlined in NIST SP 800-172. Requires a government-led assessment every three years by the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC).

When to Be Certified

The Department of War has designated November 10, 2026, as a critical milestone for achieving CMMC Level 2 certification. In alignment with this directive, NSTXL requires all members to complete a CMMC Level 2 self-assessment by November 10, 2026. Members who do not submit proof by that deadline risk losing access to their membership or being ineligible to compete for proposals.

Additionally, program offices may impose more stringent requirements, including full C3PAO certification. While NSTXL’s baseline requirement is a Level 2 self-assessment, members are strongly encouraged to proactively pursue C3PAO certification to ensure continued eligibility for future opportunities.

We are committed to supporting our members through this transition. Partnerships with vendors who can assist with achieving compliance will be announced soon. If you have questions or need assistance, please contact us at membership@nstxl.org.

Regulatory Disclaimer

NSTXL membership policies are subject to change due to DoW policy updates and requirements. NSTXL will keep you up to date on new information regarding CMMC and our membership policy.