Monalytic Earns Key CMMC Certification, Raising Bar for Federal IT Security

AUSTIN, TX – April 09, 2026 – Monalytic, a professional services firm and subsidiary of SolarWinds, announced today it has achieved Cybersecurity Maturity Model Certification (CMMC) Level 2, a critical milestone that validates its compliance with stringent Department of Defense (DoD) cybersecurity standards. The certification confirms that Monalytic has implemented all 110 security controls required to handle sensitive government data, positioning the company as a trusted partner for federal agencies operating in an increasingly hostile digital landscape.

This achievement is more than a procedural checkmark; it represents a significant step in a government-wide push to secure the sprawling defense industrial base, which has long been a prime target for cyber adversaries. For federal contractors, CMMC compliance is rapidly shifting from a competitive advantage to a non-negotiable requirement for doing business.

The New Gold Standard for Defense Contractors

The CMMC framework was developed by the DoD to enforce the protection of Controlled Unclassified Information (CUI) across its supply chain. CUI is sensitive government data that, while not classified, could cause significant damage to national security if compromised. Monalytic’s Level 2 certification specifically attests to its adherence to the 110 security controls outlined in the National Institute of Standards and Technology (NIST) Special Publication 800-171.

Achieving this level of compliance is a formidable undertaking. The controls span 14 domains, covering everything from access control and incident response to configuration management and personnel security. The process requires not only technical implementation but also extensive documentation, rigorous policies, and a cultural shift towards continuous security monitoring.

For years, adherence to NIST standards was based on self-attestation, a system that proved insufficient in practice. CMMC 2.0 introduces a mandatory verification layer. While some contracts may permit self-assessments, most involving critical CUI will require a triennial third-party assessment conducted by a certified organization. With the CMMC mandate now being phased into DoD contracts since late 2025, companies without this certification will find themselves locked out of a vast and critical market. Monalytic's certification, therefore, places it ahead of the curve, demonstrating a proactive commitment to meeting the government's highest security expectations.

A Strategic Security Play for SolarWinds

The certification is also a significant component of the broader security narrative for Monalytic’s parent company, SolarWinds. Acquired in 2022, Monalytic specializes in helping public sector organizations optimize and scale SolarWinds’ IT management and observability solutions. This certification directly demonstrates the real-world application of SolarWinds' "Secure by Design" principles, a comprehensive initiative launched to rebuild its security architecture and processes from the ground up.

“Achieving CMMC Level 2 is an important milestone not only for Monalytic, but for SolarWinds ongoing commitment to serving public sector customers with the highest standards of security and trust,” said Sudhakar Ramakrishna, CEO of SolarWinds, in a statement. He emphasized that as government agencies face complex threats, they require partners who deliver both operational excellence and built-in security.

This achievement serves as a tangible proof point of SolarWinds' strategy to embed security deep within its offerings and its partner ecosystem. By ensuring its government-facing professional services arm meets these rigorous DoD standards, SolarWinds is reinforcing its value proposition to a public sector market that remains highly sensitive to supply chain security.

“This certification is another example of our commitment to meet and surpass the high standards necessary to support our customers in the U.S. government,” added Gregory Fetterhoff, president of Monalytic. The move signals to federal clients that the expertise and services they rely on to manage their IT infrastructure are backed by a verified and robust security posture.

Overcoming the Compliance Hurdle

Monalytic’s success highlights a significant challenge facing the estimated 300,000 companies within the defense industrial base. The path to CMMC Level 2 compliance is fraught with complexity and expense. Industry analysis suggests that costs for achieving this certification can range from tens of thousands to hundreds of thousands of dollars, depending on a company's existing cybersecurity maturity.

The challenges extend beyond financial investment. Companies must accurately scope their networks to identify where CUI is stored, processed, or transmitted—a task that is often harder than it sounds. They must then implement and meticulously document all 110 NIST controls, a process that can take 6 to 18 months or longer. For small and medium-sized businesses, which form the backbone of the defense supply chain, these resource-intensive requirements can be daunting.

By navigating this complex process, Monalytic not only secures its own eligibility for federal contracts but also becomes a more attractive partner for prime contractors. Under CMMC rules, prime contractors are responsible for ensuring their subcontractors are also compliant, creating a cascading requirement throughout the supply chain. Certified companies like Monalytic are therefore well-positioned to become essential links in the national security ecosystem.

Beyond the Certificate: Powering Government IT Resilience

Ultimately, the significance of Monalytic’s certification extends beyond compliance. It directly impacts the operational resilience and mission-effectiveness of the government agencies it serves. Monalytic provides professional services centered on monitoring and analytics, helping agencies maintain system uptime and derive actionable insights from their complex IT environments.

“In an era where the U.S. government constantly faces new cyber threats, federal agencies must be sure their vendors uphold the strict standards necessary to keep valuable data safe and secure,” stated Jeff Easley, Director of IT & Engineering at Monalytic. "We are proud to show our customers across U.S. agencies — and the wider public sector — that they can trust Monalytic’s technology as a vital and secure asset to their missions.”

This CMMC certification provides a foundational layer of trust. It assures federal IT managers that the very systems and services used to monitor their networks and protect their data are themselves secure. This allows agencies to focus on their primary missions, from defense operations to citizen services, with greater confidence in the integrity of their IT infrastructure. As the government continues its push for modernization, the ability to partner with vendors who have demonstrated a commitment to security through rigorous, third-party validation will be indispensable.