CyberSheath, the largest Cybersecurity Maturity Model Compliance (CMMC) managed service vendor, helped Tunnell Consulting, a consulting firm that provides specialized scientific and technical expertise to government agencies and commercial clients, achieve CMMC Level 2 certification with a perfect 110 score using a targeted enclave solution designed around the Company’s limited controlled unclassified information (CUI) handling requirements.
With defense spending continuing to grow and more contracts expected to carry CMMC requirements as the Phase 2 deadline approaches on Nov. 10, 2026, contractors across the defense industrial base are evaluating how to achieve compliance without overextending their budgets. Tunnell’s certification demonstrates that even companies with minimal day-to-day CUI exposure can meet every requirement through a right-sized approach that aligns security controls to actual CUI flow rather than applying enterprise-wide remediation by default.
“Too many defense contractors are being told that compliance requires transforming their entire enterprise,” said Emil Sayegh, CEO of CyberSheath. “That approach is expensive, disruptive and often unnecessary. Our mission is to help the defense industrial base stay secure and win contracts without overengineering environments or overspending on controls that don’t align to actual CUI exposure. When you map how CUI truly flows through the business, you can architect precision, not excess. Tunnell’s certification proves that disciplined scoping, strong engineering and operational rigor can achieve a perfect 110 score without making compliance harder than it needs to be.”
Tunnell sources and places subject matter experts to support government missions, including public health preparedness and biomedical research. Because consultants typically work on-site at government facilities using government equipment, Tunnell’s systems handle CUI on a limited basis. The Company initially pursued enterprise-wide compliance, but CyberSheath determined that an Azure Virtual Desktop enclave in Microsoft’s GCC would meet all CMMC requirements at a fraction of the enterprise-wide cost while reducing the long-term operational burden of maintaining unnecessary controls across the full environment.
“CyberSheath approached this as a strategic partnership, not just a compliance checklist,” said Mary Corcoran, Chief Administrative Officer at Tunnell. “They took the time to understand how our consultants operate, where CUI truly intersects with our systems and how to protect it without disrupting our core mission. Their disciplined scoping and technical expertise allowed us to achieve a perfect 110 score on our first assessment while avoiding unnecessary cost and operational complexity. CyberSheath gave us confidence not only in our certification, but in the long-term security of our environment.”
Learn more about how CyberSheath helps defense contractors achieve CMMC compliance.
About CyberSheath
Established in 2012, CyberSheath is one of the most experienced and trusted IT security services partners for the U.S. defense industrial base. From CMMC compliance to strategic security planning to managed security services, CyberSheath offers a comprehensive suite of offerings tailored to clients’ information security and regulatory compliance needs. Learn more at cybersheath.com.
About Tunnell Consulting, Inc.
For over 60 years, Tunnell has provided both expert talent and consulting services to clients including Biopharmas, CDMOs, the US Government, incubators, investors and NGOs. We have experience across multiple platforms – including large molecule, vaccines, cell and gene therapy and small molecule – and our subject matter expertise focuses on regulatory, quality, GxP, pre-clinical/clinical, supply chain, manufacturing, CMC and product launch. To learn more, visit us online at http://www.tunnellconsulting.com.
View source version on businesswire.com: https://www.businesswire.com/news/home/20260505843967/en/
Media gallery
