RPS Defense Achieves a Perfect 110/110 CMMC Level 2 Score with Essendis

RPS Defense has achieved a perfect score of 110 out of 110 on its Cybersecurity Maturity Model Certification (CMMC) Level 2 assessment, conducted by A-LIGN, a CMMC Third-Party Assessment Organization (C3PAO) authorized by The Cyber AB, the Department of Defense’s official accreditation body. The result confirms that RPS Defense meets every one of the 110 controls in NIST SP 800-171 and all 320 assessment objectives, with no Plan of Action & Milestones (POA&M) required.

A perfect, POA&M-free result is uncommon. It means the assessor found nothing left to remediate at the time of assessment — every control was implemented, documented, and operating.

How They Got There: GCC High Plus a Real Security Program

The certification is built on two things working together. First, a Microsoft 365 GCC High environment — a U.S.-sovereign, compliant cloud foundation designed for storing, handling, and transmitting Controlled Unclassified Information (CUI). Second, a comprehensive information security program built around that environment: the policies, access controls, continuous monitoring, and evidence collection needed to satisfy all 320 objectives an assessor evaluates. Both were designed and implemented by Essendis, which continues to manage RPS Defense’s security services today.

GCC High provides the compliant foundation. The security program is what turns that foundation into a defensible, assessment-ready posture — and it is the part most organizations underestimate.

Why It Matters for Defense Contractors

With CMMC Phase 2 raising the bar across the defense industrial base and assessor capacity in short supply, the gap between working toward compliance and being independently verified is widening. RPS Defense’s 110/110 result with no POA&M is a validation of the full-stack approach Essendis delivers: a purpose-built GCC High enclave, a living security program, and ongoing managed services — all designed to hold up under independent C3PAO scrutiny.

What This Means If You’re Preparing for Level 2

If your organization handles CUI and faces a Level 2 requirement, the takeaways from RPS Defense’s assessment are practical: build on a compliant GCC High foundation, operate a living security program rather than a point-in-time configuration, and gather evidence continuously so there is nothing to scramble for at assessment time. Done right, a clean assessment is achievable. Connect with an Essendis expert today to talk through your CMMC Level 2 path, or start with a readiness assessment.

Talk to a Cloud Cybersecurity Expert

Thank you for contacting Essendis. Our team is reviewing your submission and will be in touch shortly. 
We look forward to assisting with your cybersecurity and cloud computing needs. 

Continue Exploring Essendis’ Offerings

Return to Essendis
Oops! Something went wrong while submitting the form.