Alaska-based CMMC Compliance Expertise

With CMMC deadlines looming, take control of your compliance needs with local experts who have a proven track record of success. Elevate your compliance with Stratus Services.
Thank you! Your submission has been received!

Someone from our CMMC team will be in touch, usually within about one business day.
Stratus is a Registered Practitioner Organization of the Cyber AB CMMC Certification group since 2022

Expert CMMC consulting from CMMC-AB Registered Provider Organization (RPO)

Stratus Services has extensive experience in helping companies meet their compliance needs on both a strategic and tactical level. Whether it's technical implementation, or developing a long term compliance strategy, our cybersecurity and compliance experts can help your company meet its CMMC requirements.

  • Scoping & Workflow
  • Gap Analysis & Remediation
  • Documentation Review & Design
  • Technical Implementation & Support
  • Compliance Consulting & Assessment Preparation

Our CMMC
Approach & Offerings

Graphical representation of a data silo that exemplifies the 3-2-1 cybersecurity method of backup data.

Scoping & Workflow

The first and most important step of getting your organization CMMC ready is scoping. No assessment will be successful without an accurate understanding of your data flow and assessment scope. Scoping is also the most powerful tool your company has to cut down on the time and cost of getting certified.

Graphical representation of a firewall system protecting a a user device

Gap Analysis

For companies looking to bring their existing IT environment into compliance, a thorough Gap Analysis is an important cost and time saving measure. We can compare your current security posture to the requirements in CMMC and help build a plan for getting you the rest of the way there.

Graphical representation of personally identifiable information (PII) that should be protected through strong compliance standards, like HIPAA.

Documentation Review & Design

Compliance requires documentation. Stratus Services can help compare your current policies and procedures against CMMC requirements, or help you develop documentation that aligns with CMMC requirements.

Image depicting the many facets of cybersecurity across a company's infrastructure.

Technical Implementation & Remediation

Rework manual processes and automate them with custom, easy to use tools and applications. We have a team of programmers that can help you customize the current application or build one from the ground up. Capture that custom business workflow that differentiates your company from the competition.

Iconographic image of digital information and person digital footprint that represents personal health information and personally identifiable information that is protected by HIPAA and other compliance frameworks.

Compliance Consulting & Assessment Preparation

Stratus Services can perform a CMMC readiness assessment to ensure that your systems and tooling are in compliance and that there will be no surprises when it comes time for your official CMMC Audit by a C3PAO.

What our clients are saying

"Stratus Services played a pivotal role in assisting CRW Engineering Group, Inc. in the development and implementation of our policies and procedures. Their deep expertise in Department of Defense (DoD) regulations, particularly NIST SP 800-171, alongside their comprehensive understanding of both physical and cybersecurity, was instrumental in guiding us to achieve CMMC Level 2 certification. Their support ensured that we met the highest standards of security, compliance, and operational excellence."

– Anthony Robinson, PLS, CFedS
CRW Engineering Group

CMMC Certification Levels & Requirements

CMMC Certification Level Practices Objectives Assessment Requirement Data Type CMMC Phase*
1 15 59 Annual Self-Assessment Federal Contract Information (FCI) Phase 1, Q4 '25/Q1 '26
2 110 320 Triennial third-party assessment, plus annual self attestation Controlled Unclassified Information (CUI) Phase 2, Q4 '26/ Q1 '27
3 134 409 (Including Organizationally Defined Parameters) Triennial government-led assessments Highly Sensitive Controlled Unclassified Information (CUI) Phase 3, Q4 '27/ Q1 '28
*Dates are estimates and requirements can be implemented early at the government's discretion

Frequently Asked Questions: CMMC Assessments

The following are some of the most common questions we receive from current and potential clients.

Are you a Cyber AB Registered Provider Organization (RPO)?

Yes, we have been a certified Cyber AB Registered Provider Organization (RPO) since 2022 and renew annually, as required. Feel free to review our certification.

Do you have staff who are certified Registered Practitioners (RPs)?

Yes. As of 2025 Stratus employees three Registered Practitioners (RPs), two Registered Practitioner Advanced (RPAs), and one CMMC Certified Professional (CCP). Feel free to review our certification.

Do you have experience with clients in my specific industry or with similar data types?

Stratus has experience implementing and maintaining CMMC compliance across many sectors that support the DIB, such as construction, engineering, manufacturing, and more. We are proud have successfully guided a large, local engineering firm to pass their CMMC Level 2 Certification Assessment this year (2025), one of the first nationally!
Additionally, as an IT consulting organization, we also have extensive experience with other compliance-forward organizations such as finance, mortgage & title, and medical offices.  

Can you help determine the appropriate CMMC level for my business and contracts?

Yes. We offer scoping services to help assist you in figuring out what CMMC level will be required based on your specific needs. This is a core tenant of proper CMMC planning. For more information, we recommend this blog post on the topic: CMMC Level 2 Scoping: Understanding Asset Categories for Compliance

Will you help create or revise policies and procedures as part of compliance prep?

Yes, we offer a comprehensive CMMC implementation package that includes the creation of new policies and revision of existing policies.

Can you assist with System Security Plans (SSPs) and Plans of Action & Milestones (POAMs)?

Yes, for those pursuing CMMC Level 2 compliance, SSPs are included for alignment with CA.L2-3.12.4. While SSPs are not required for Level 1 compliance, arrangements can be made for an SSP if this is requested. POA&Ms will be developed as needed to address any identified deficiencies.

Can you collaborate with our IT or MSP teams, or do you provide hands-on technical support?

Yes. While we are a fully staffed Managed Service Provider and can provide these services as added support to CMMC Compliance contracts, we are more than willing to work with internal or existing third-party MSP teams to implement a CMMC-compliant environment.

How do you ensure that we maintain compliance post-certification?

We offer services to ensure continued compliance with CMMC requirements that support your yearly self-assessments and/or triennial third-party assessments.

When will CMMC be required for DoD contracts?

As of August 2025, the DoD’s planned rollout of CMMC compliance will be tiered in three different phases. Level 1 requirements will be enforced on contracts when the 48 CFR final rule is released, which is expected to happen by October 2025 earliest, and February 2026 at latest. Level 2 requirements will be enforced a year after the Level 1 rollout. Level 3 requirements will be enforced a year after the Level 2 rollout. HOWEVER, once the 48 CFR final rule is in place, program managers can require higher levels of CMMC before the enforcement date set in place by the DoD.