Independent C3PAO assessment validates IMPRES’s cybersecurity posture with a score of 110 out of 110 and no Plan of Action & Milestones (POA&M), reinforcing the company’s commitment to protecting Controlled Unclassified Information across defense and federal operations.
IMPRES Technology Solutions, Inc. is proud to announce that it has achieved Cybersecurity Maturity Model Certification (CMMC) Level 2 through an independent assessment conducted by an authorized CMMC Third-Party Assessment Organization (C3PAO). The certification was awarded on March 2, 2026 and is recorded in the Supplier Performance Risk System (SPRS) under CAGE Code 3UTC7.
IMPRES received a perfect score of 110 out of 110 on the assessment, meeting every security requirement defined by NIST SP 800-171 Revision 2 with no Plan of Action & Milestones (POA&M). This result reflects a Final Level 2 (C3PAO) status, the highest achievable outcome under the CMMC Level 2 certification process, confirming that IMPRES’s CUI enclave fully satisfies all 110 security controls without exception.
With CMMC requirements beginning to appear in DoD solicitations and contracts as of November 2025, and mandatory C3PAO certification requirements expanding in November 2026, IMPRES is positioned well ahead of the compliance timeline to continue supporting defense and federal customers without interruption.
The Cybersecurity Maturity Model Certification (CMMC) is a Department of Defense program designed to verify that defense contractors adequately protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). The program establishes three levels of cybersecurity maturity, with Level 2 applying to organizations that process, store, or transmit CUI.
CMMC Level 2 requires implementation of all 110 security requirements from NIST SP 800-171 Revision 2, spanning 14 control families including Access Control, Incident Response, System and Communications Protection, and Risk Assessment. A Level 2 (C3PAO) certification specifically requires an independent assessment conducted by an accredited Third-Party Assessment Organization, the most rigorous form of Level 2 validation available.
Key aspects of CMMC Level 2 (C3PAO) certification include:
As DoD phases in CMMC requirements across its acquisition programs, certification is quickly becoming a prerequisite for contract eligibility. For defense customers and partners, IMPRES’s CMMC Level 2 certification provides:
This certification complements IMPRES’s existing portfolio of compliance credentials, including ISO 9001:2015 and CMMI SVC/3 certifications, and supports the company’s work across multiple DoD contract vehicles including GSA MAS, SEWP V, ITES-4H, and OASIS+.
Statement from IMPRES
Achieving a perfect CMMC Level 2 score with no POA&M is a direct reflection of the investment IMPRES has made in building and maintaining a security-first culture. This is a commitment to our defense customers that we take protection of their information as seriously as they do. We’re proud to achieve this certification and ready to support the missions that depend on it.
IMPRES Technology Solutions has been selected as one of 49 qualified contractors on the Army’s premier IT hardware acquisition vehicle, expanding the company’s ability to serve defense customers across the globe.
Award enables IMPRES to deliver enterprise networking equipment and solutions to Commerce bureaus including NOAA, Census, NIST, and USPTO.
Best-in-Class governmentwide contract enables federal agencies to access IMPRES professional services across multiple domains with streamlined acquisition.
