Army's NCODE Program Taps Enclaves to Fortify Defense Cybersecurity

DALLAS, TX – May 20, 2026 – The U.S. Army has selected Dallas-based Beryllium and seven other companies for its Next-Gen Commercial Operations in Defended Enclaves (NCODE) pilot program, a $49 million initiative designed to overhaul cybersecurity for the nation's defense contractors. The selection validates a growing industry shift towards secure, isolated digital environments as the primary method for protecting sensitive government data and streamlining complex compliance mandates.

Beryllium will participate in the five-year program through its flagship managed enclave platform, Cuick Trac. The NCODE initiative will see selected Verified External Service Providers (VESPs) compete for task orders to assist defense contractors in meeting the stringent requirements of the National Institute of Standards and Technology (NIST) SP 800-171 and preparing for the mandatory Cybersecurity Maturity Model Certification (CMMC). This program represents a critical intervention for a defense supply chain grappling with the high costs and complexities of modern cybersecurity regulations.

The Crushing Cost of Compliance

For years, organizations within the Defense Industrial Base (DIB), particularly small and medium-sized businesses, have faced a daunting challenge: meet the Pentagon's increasingly rigorous cybersecurity standards or risk losing their contracts. The CMMC framework, designed to protect Controlled Unclassified Information (CUI) from sophisticated cyber threats, has proven to be a significant hurdle.

Industry analyses reveal that achieving CMMC Level 2 compliance—a requirement for any company handling CUI—can cost anywhere from $50,000 to over $300,000. These costs cover essential steps like gap assessments, developing system security plans, extensive remediation, and technology upgrades. For many smaller firms, such an investment is simply untenable, especially when coupled with the potential for operational disruption as new security controls are implemented across their entire network.

The penalties for non-compliance are severe, ranging from the loss of contracts to substantial financial penalties under the False Claims Act, which can reach into the hundreds of thousands of dollars per violation. This high-stakes environment has led to a worrying trend: some industry analysts project that 15% to 20% of the DIB, representing tens of thousands of companies, may choose to exit the defense market altogether rather than absorb the cost and complexity of compliance. This potential attrition poses a direct threat to the resilience and innovation of the U.S. defense supply chain.

The NCODE Lifeline and the Rise of Enclaves

In response to this crisis, the U.S. Army's NCODE program offers what many are calling a potential lifeline. The initiative functions as a form of "cybersecurity as a service," connecting smaller firms with pre-vetted providers who can deliver secure, cloud-based environments compliant with DoD standards. Out of 31 bids for the program, the Army selected a small cohort of eight companies, including Beryllium, ATX Defense, and Summit 7, to lead the effort.

High-level defense officials have endorsed the program's model. Undersecretary of the Army Gabe Camarillo has previously described NCODE as a way to provide a "cyber-secure enclave" that enables small businesses to work securely and meet DoD standards without shouldering the enormous financial burden of securing their entire corporate infrastructure. The program's core strategy hinges on the concept of the secure enclave—a dedicated, controlled, and isolated digital workspace for handling CUI.

Instead of forcing a company to secure every server, computer, and network segment, the enclave approach carves out a virtual fortress where all CUI-related work is performed. This dramatically reduces the scope of a CMMC assessment, as auditors only need to verify the security of the enclave itself, not the company's entire IT environment. This allows business functions like HR and accounting to operate as usual, outside the stringent compliance boundary.

A New Paradigm for Security and Compliance

The selection of Beryllium for the NCODE pilot highlights the validation of its specific technological approach. The company's Cuick Trac platform is a managed enclave that has achieved FedRAMP Moderate Equivalency, a key benchmark indicating its security controls have been attested by a FedRAMP-recognized Third-Party Assessment Organization (3PAO) as being on par with federal government cloud security standards.

This equivalency is critical, as it provides a high degree of assurance that the platform meets the rigorous NIST 800-53 security controls required for handling sensitive government data. By using Cuick Trac, a defense contractor can effectively outsource the technical heavy lifting of compliance. The platform provides an integrated solution with multi-factor authentication, encrypted storage, and continuous security monitoring, all pre-configured to meet NIST SP 800-171 requirements.

“Programs like NCODE validate a broader shift toward enclave-based environments as one of the most practical paths to achieving compliance at scale,” said Andy Woods, Chief Executive Officer of Beryllium, in a statement. “We’re proud to be selected and to support an initiative focused on helping organizations protect sensitive information while remaining competitive within the DIB.”

This move toward enclave solutions is reshaping a crowded and often confusing market. While some providers offer broad compliance management software and others focus on specific tools like encrypted email, the enclave model offers a comprehensive, contained solution. It simplifies the audit process, reduces risk by isolating CUI, and accelerates the timeline for achieving certification, with some providers promising compliance in 90 days or less. As the DoD continues its push to secure its vast supply chain, initiatives like NCODE and the technologies they leverage are proving essential not just for regulatory compliance, but for the foundational security of the nation's defense capabilities.