We are pumped to share some huge news: we successfully passed our Cybersecurity Maturity Model Certification (CMMC) Level 2 assessment! This is a big deal and really shows how committed Rancher Government Solutions (RGS) is to keeping our partners and the whole Defense Industrial Base safe from cyber threats. By earning this Level 2 certification, we've put all 110 security rules in place. This means the Department of War (DOW) can be super confident that we're ready to protect all that important Controlled Unclassified Information (CUI). Getting 110 out of 110 controls right really proves we're at the top of our game!
To put this into perspective, the DOW estimates that there are over 80,000 DOW contractors who need to get this certification. With the official rules and deadlines announced in late 2024, and only a handful of approved assessment organizations available to do the week-long reviews, it’s clear that the race is on. By achieving this so early, we’ve placed ourselves in the top 1% of all contractors in the Defense Industrial Base—and that’s truly a rare accomplishment.
Our Secret to Success
So, how did we do it? We built our success on a strong foundation of both technical and practical steps. We rely on highly secure cloud platforms to help us stay compliant. We also make sure only the right people can access our systems by using strong authentication, like Multi-Factor Authentication (MFA). Plus, our Role-Based Access Control (RBAC) limits what everyone can do, and we log everything and constantly review those logs to keep ourselves accountable.
It's All About Trust and Getting Better
Accountability is a huge part of our security mindset here at RGS. We make sure all of our information is safe by collecting and saving all of our activity logs in one central spot. These logs are like a security diary, helping us keep track of what's happening and they're kept safe in a secure, central data repository for future evaluation if needed. We even have instant alerts that let our IT and security teams know right away if anything goes wrong.
It's not just about the tech, either. We have strict rules in place for handling CUI, so all of our documents and media are properly marked. Our Data Loss Prevention (DLP) rules are designed to prevent anyone from printing CUI without permission, which is a must since our team works remotely. We're also big on learning, with regular security training for everyone. This milestone shows we're operationally mature and totally ready to keep CUI safe with confidence!
Achieving CMMC compliance isn't just a one-time thing, either. It's an ongoing, active process. We have to be constantly on the lookout for potential weaknesses and stay diligent to maintain our security posture. This continuous evaluation is a key part of our commitment to our partners and their data.
RGS is Ready to Drive
Our journey to passing CMMC Level 2 taught us a ton! A huge takeaway from learning what it takes for a separate environment to be "in-scope" versus "out-of-scope" is that we now understand exactly how to use the RGS product stack to help our customers. RGS products, built on Kubernetes and Rancher Manager, give us a really solid, central platform to help build a CMMC-compliant environment. It's awesome because it unifies virtual machines and containers on a single platform with Harvester Government (RGS HCI). Meanwhile, SLES and RGS Storage (Longhorn) handle the foundational security stuff, and RGS Security (NeuVector) gives us real-time container security and compliance auditing. This whole approach simplifies things so much and gives us the visibility and enforcement we need to protect all your important Controlled Unclassified Information (CUI) and meet CMMC requirements.
As we move forward, achieving CMMC Level 2 isn’t just a milestone—it’s a launchpad. It reflects who we are as a company: a government-first, security-obsessed team committed to delivering trustworthy, open-source solutions to the U.S. Government. Our certification proves we don’t just talk about secure-by-design—we live it every day, in our own operations and in the products we deliver. And now, with our CMMC secured and battle-tested through our own compliance journey, we’re ready to help our customers accelerate digital transformation securely. The road to mission ready security can be complex, but you don’t have to travel it alone. RGS is ready to lead the way.
Interested in learning more about our CMMC Level 2 Certification? Contact our team to learn more.
