Tunnell Consulting, a firm specializing in scientific and technical expertise for government agencies and commercial clients, has achieved Cybersecurity Maturity Model Compliance (CMMC) Level 2 certification with a perfect score of 110. This was accomplished using a targeted enclave solution designed by CyberSheath, the largest CMMC managed service vendor, to align with Tunnell’s specific controlled unclassified information (CUI) handling requirements.
As defense spending continues to increase and more contracts are expected to incorporate CMMC requirements ahead of the Phase 2 deadline on November 10, 2026, defense industrial base (DIB) contractors are assessing compliance strategies that avoid excessive budget outlays. Tunnell Consulting’s certification demonstrates a viable pathway for companies with limited daily CUI exposure to meet all compliance mandates through a right-sized approach, which maps security controls to the actual flow of CUI rather than defaulting to enterprise-wide remediation.
Initially, Tunnell Consulting explored enterprise-wide compliance. However, CyberSheath determined that an Azure Virtual Desktop enclave within Microsoft’s Government Community Cloud (GCC) could satisfy all CMMC requirements at a reduced cost compared to a full enterprise overhaul. This solution also aims to lower the long-term operational burden of maintaining unnecessary controls across the broader IT environment.
Emil Sayegh, CEO of CyberSheath, stated, “Many defense contractors are advised that compliance necessitates a complete enterprise transformation. This method is often costly, disruptive, and frequently unnecessary. Our goal is to assist the defense industrial base in maintaining security and securing contracts without over-engineering their environments or overspending on controls that do not align with their actual CUI exposure. By accurately mapping how CUI moves through a business, precision can be achieved over excess. Tunnell’s certification validates that rigorous scoping, robust engineering, and operational discipline can result in a perfect 110 score without making compliance more complex than needed.”
Mary Corcoran, Chief Administrative Officer at Tunnell Consulting, commented on the engagement, “CyberSheath approached this as a strategic partnership, not merely a compliance checklist. They invested time to understand our consultants’ operations, precisely where CUI intersects with our systems, and how to safeguard it without disrupting our core mission. Their meticulous scoping and technical proficiency enabled us to achieve a perfect 110 score on our initial assessment while circumventing unnecessary costs and operational complexities. CyberSheath provided us with confidence not only in our certification but also in the long-term security of our environment.”
CyberSheath, established in 2012, offers a comprehensive range of IT security services for the U.
S. defense industrial base, including CMMC compliance and managed security services. Tunnell Consulting, with over 60 years of operation, provides expert talent and consulting services to various clients, including biopharma companies, contract development and manufacturing organizations (CDMOs), and the U.
S. Government.