Evans Achieves CMMC Level 2 Certification, Strengthening Defense Industrial Base Cybersecurity Posture
Federal technology implementation partner demonstrates advanced security controls protecting Controlled Unclassified Information
Evans Incorporated, a federal technology implementation partner with 20+ years of proven delivery, announced it has achieved Cybersecurity Maturity Model Certification (CMMC) Level 2. The certification validates Evans’ implementation of 110 security controls required to protect Controlled Unclassified Information (CUI) across Department of War contracts and strengthens the company’s position supporting critical defense missions.
CMMC Level 2 certification requires organizations to demonstrate “good cyber hygiene” practices through third-party assessment of security controls aligned with NIST SP 800-171. The certification enables Evans to compete for and perform on DoD contracts requiring the protection of CUI and positions the company to support the Department of Navy’s expanding portfolio of technology modernization and workforce enablement initiatives.
“CMMC Level 2 is table stakes for serious defense contractors working with CUI, and it’s particularly critical as we grow our Department of Navy portfolio,” said Brit Nanna, Emerging Federal Accounts Director at Evans. “Navy commands require partners who can protect sensitive information related to ship design, submarine operations, and fleet readiness. This certification proves we have the security infrastructure in place to handle that responsibility while delivering the technology implementation and workforce capability building that sets Evans apart.”
Evans underwent rigorous third-party assessment by a CMMC Third-Party Assessment Organization (C3PAO) to validate implementation of 110 security practices across 14 domains, including access control, incident response, system and communications protection, and risk assessment. The certification demonstrates Evans’ commitment to protecting federal information assets and maintaining the trust of mission-critical defense clients.
“Achieving CMMC Level 2 required us to demonstrate the holistic cybersecurity program that exists at Evans,” said Joshua Morden, IT Manager at Evans. “Cybersecurity is not only an IT or security team function. It is a responsibility for everyone in the organization in order to keep our data and our clients’ information safe against today’s cyber threats. The CMMC Level 2 certification and the way we have implemented the security controls tangibly proves the security-first culture we have built at Evans, and it assures our clients that Evans is a trustworthy partner to assist them in achieving their goals effectively and securely.”
Evans has supported Department of Navy operations through workforce development, human-centered design, and technology implementation work in partnership with Johns Hopkins Applied Physical Laboratory and PEO IWS 5 out of NAVSEA. The company’s CMMC Level 2 certification expands its ability to support Navy missions requiring advanced cybersecurity controls while maintaining Evans’ signature focus on solutions that stick and teams that deliver.
The certification comes as the Department of War implements phased CMMC requirements across the Defense Industrial Base. CMMC Level 2 will be required for DoD contractors handling CUI by contract clause insertion.
About Evans Incorporated
Evans is a federal technology implementation partner with 20+ years of proven delivery across defense, civilian, and intelligence agencies. Our approach covers four essentials: workforce readiness (BUILD), technology adoption (DEPLOY), compliant execution (EXECUTE), and strategic operation (ADVANCE). For more information, visit www.evansinc.com.
