As of February 20, NCAB Group USA has successfully achieved CMMC Level 2 certification following an assessment conducted by a Certified Third-Party Assessment Organization (C3PAO). This certification confirms our capability to support projects requiring CMMC Level 2 compliance, including all applicable flow-down requirements.
This milestone reflects our significant investment in strengthening our data protection capabilities – particularly in the handling of Controlled Unclassified Information (CUI), Federal Contract Information (FCI), and export-controlled technical data.
What this means
Secure digital CUI environment (NCAB Secure USA)
Our secure enclave, NCAB Secure USA, operates within Microsoft Azure Government and the Microsoft 365 GCC High environment. NCAB Secure USA:
- Provides a logically segmented, controlled environment for managing CUI
- Restricts access to personnel with a verified need-to-know
- Enforces restrictions on printing, copying, screen capture, external storage, and downloads
- Implements comprehensive audit logging, access controls, and incident response capabilities
This digital enclave is designed specifically for the safeguarding of CUI in accordance with NIST SP 800-171 Rev. 2 and CMMC Level 2 requirements.
Secure file transfer for CUI and export-controlled data
For exchange of CUI, FCI, and export-controlled technical data with customers and supply-chain partners, NCAB Group USA uses Sharetru Federal, a FedRAMP Moderate-authorized Managed File Transfer (MFT) platform. This service is explicitly designed for secure file exchange within the federal and defense community. Within NCAB Secure USA:
- Access to Sharetru Federal is only permitted to thoroughly vetted individuals
- Managed folder-level permissions restrict access appropriately
- Customers and factories may also require NCAB to use their approved secure file-transfer platforms, which we support when contractually required
This ensures all digital exchanges involving CUI follow federally-recognized security baselines.
Physical CUI handling (US-based warehouse facility)
Our warehouse based in Itasca, Illinois includes a secure physical lab environment for receiving and safeguarding paper-based CUI. This facility includes:
- Restricted access and video surveillance
- Locked storage for physical CUI
- Documented procedures for logging, handling, transporting, and destroying CUI
These processes align with CMMC Level 2, DFARS 252.204-7012, and NIST SP 800-171 requirements.
Understanding CMMC levels
There are three levels of CMMC certification:
- CMMC Level 1: Self-assessment
- CMMC Level 2:
- May require self-assessment or
- C3PAO-conducted assessment (which NCAB successfully completed)
- CMMC Level 3: DoD-conducted assessment
NCAB Group USA is now certified at CMMC Level 2 and can support all projects requiring CMMC Level 2 protections or lower.
Contact us with your questions
If you have any questions, please contact David Duross, Compliance Director at NCAB Group USA .