With its new certification, Stratus Services is now Alaska’s first CMMC Level 2 certified Managed Service Provider.
Stratus Services has achieved Level 2 certification under the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC). This certification strengthens Stratus’ commitment to their clients seeking federal contracts while maintaining similar compliance requirements in house––effectively leading by example.
Achieving CMMC Level 2 certification for Stratus’ managed services platform is a major milestone and a distinction that sets Stratus apart from most MSPs. This isn’t a consulting exercise or a theoretical framework, this platform is built, operated, and audited to the same CMMC Level 2 requirements that clients must meet to protect Controlled Unclassified Information (CUI). Because this is the platform used to deliver services to clients every day, the controls are proven, operational, and audit-ready. For current and prospective customers, that means fewer unknowns, faster paths to compliance, and a partner delivering services on infrastructure that has already met the CMMC bar.
Stratus is no stranger to these rigorous standards, having graduated two local Alaska firms to their CMMC L2 certification. Last Fall, CRW Engineering Group became one of the first 85 firms nationally to become CMMC L2 certified with Stratus’ guidance. Just last month, Stratus also assisted R&M Consultants to successfully complete their CMMC L2 certification. This bodes well for the slate of firms in Stratus’ portfolio on the path to completing both L1 and L2 requirements this year.
“It’s kind of like the dog chasing the car,” said Joel Recane, Managing Director of Cybersecurity & CMMC. “You spend so much time preparing, building, and pushing toward the goal that you almost forget what it feels like to reach it. Achieving CMMC Level 2 in-house is incredibly validating. It proves that the systems, processes, and controls we’ve been helping our clients implement are the same ones we trust to run our own business every day.”
Stratus Services provides managed IT, cybersecurity and compliance solutions. Based in Anchorage, they support organizations in Alaska, the Pacific Northwest, and across the nation with technical expertise and a focus on practical implementation. A Cyber-AB certified RPO since 2022, Stratus’ team includes multiple CMMC-trained staff, including certified Registered Practitioners Advanced (RPAs) and a Certified CMMC Assessor (CCA).
The Department of Defense (also referred to as the Department of War) solidified CMMC regulations last year with a roll-out schedule that impacts firms over the next three years. Firms with contracts requiring CMMC L2 will need to become compliant by Nov. 10, 2026. CMMC L1 self-attestations are already required by these regulations.
###
