Strengthening Our Commitment to Defense and Regulated Industries

Oxalis is proud to announce we have achieved Cybersecurity Maturity Model Certification (CMMC) Level 2, a critical milestone that validates our ability to securely handle Controlled Unclassified Information (CUI) and positions us to deepen our support for the defense industrial base, MRO providers, and maritime operators.

This certification reinforces what our clients already know: Oxalis is built for highly regulated environments. It demonstrates our commitment to delivering technology solutions that meet the highest security standards while enabling the digital transformation our defense industrial base partners need to remain competitive and mission-ready.


“For nearly a decade, Oxalis has been committed to serving organizations where security and compliance aren’t optional—they’re mission-critical. Achieving CMMC Level 2 certification validates our security-first culture and opens new opportunities to support the defense industrial base. This isn’t just about expanding our market; it’s about proving we can be trusted with the sensitive information that keeps our nation secure.”

Jonathan Malanche, CEO

Oxalis


What Is CMMC and Why Does It Matter

The Cybersecurity Maturity Model Certification (CMMC) is the DoD’s unified standard for implementing cybersecurity across the defense industrial base (DIB). Created to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI), CMMC ensures that all contractors and subcontractors handling DoD information maintain robust cybersecurity practices.

CMMC Level 2 represents an advanced security posture required for organizations that create, process, store, or transmit CUI. It encompasses 110 security controls aligned with NIST SP 800-171 Rev. 2, covering critical areas including: 

  • Access control and authentication 
  • Incident response and recovery 
  • System and communications protection 
  • Risk assessment and continuous monitoring 
  • Configuration management and media protection 

Achieving CMMC Level 2 certification requires a rigorous third-party assessment by a Certified Third-Party Assessment Organization (C3PAO). 

Understanding Controlled Unclassified Information (CUI)

Controlled Unclassified Information (CUI) is unclassified information that the U.S. government creates or possesses, or that an entity creates or possesses on behalf of the government, and that requires safeguarding and dissemination controls.

CUI is not classified information, but it still demands protection. It includes technical drawings, engineering specifications, operational reports, procurement data, and other sensitive materials shared between the DoD and its contractors. The DoD CUI Program standardizes how this information is marked, handled, and protected across the defense ecosystem. 

Achieving CMMC Level 2 compliance allows Oxalis to work directly with sensitive defense information, support system modernization efforts, and provide the deep technical integration our clients need, without compromising security or compliance. 

What This Means for Oxalis Clients

CMMC Level 2 certification expands Oxalis’ ability to serve the DIB in several critical ways:

  • Eligibility for DoD Contracts. Starting in late 2025, most DoD contracts involving CUI require full Level 2 certification from a third-party assessment. Oxalis’ certification ensures we can continue bidding on and supporting contracts that involve sensitive defense information. 
  • Deeper Integration with Mission-Critical Systems. Our certification enables us to work within or adjacent to DoD environments, supporting everything from ERP implementations and cloud migrations to IT modernization and digital transformation initiatives. 
  • Supply Chain Security. By achieving CMMC Level 2, Oxalis strengthens the overall security posture of the defense supply chain. Our clients can trust that their sensitive information is protected when working with us, reducing risk across their own compliance posture. 

Reinforcing Our Goal of Providing Solutions Built for Highly Regulated Environments

CMMC Level 2 certification is a natural extension of Oxalis’ core mission: helping government, defense, healthcare, and other highly regulated organizations modernize their operations without compromising security, speed, or compliance. 

From our partnerships with Atlassian (including FedRAMP and Atlassian Government Cloud) and IFS, to our proprietary solutions like YardOS, we design every engagement and product with the unique demands of regulated sectors in mind. Our team understands that in defense and government work, there’s no room for error; every system must be secure, auditable, and future-ready. 


“The defense industrial base faces evolving cyber threats every day. CMMC Level 2 isn’t a one-time achievement – it’s a commitment to continuous security improvement. Our team has embedded these controls into our DNA, from product development to client engagements. This certification gives our DIB partners confidence that when they work with Oxalis, they’re working with a team that takes security as seriously as they do.” 

Micah J. Waldstein, VP 

Oxalis


At Oxalis, we’ve spent years building deep expertise in highly regulated industries. We’ve supported various defense agencies, partnered with IFS to modernize naval MRO operations, and helped organizations across the defense industrial base navigate complex digital transformations. In every one of those engagements, trust is the foundation. 

CMMC Level 2 certification formalizes that trust at the system level. 

For our existing clients, it means they can bring Oxalis deeper into sensitive environments, knowing we have the certified security posture to operate there responsibly. For prospective clients evaluating technology partners for DoD work, it removes a critical barrier — Oxalis is now verified as a compliant organization capable of handling CUI within the defense supply chain.