FAIRFAX, Virginia – April 7, 2026 : ControlCase, the global leader in cybersecurity certification and compliance services, has acquired CyberNINES, a trusted cybersecurity assessor and advisory firm focused on the Defense Industrial Base (DIB). They are joining forces to expand their ability to support federal contractors and suppliers in meeting evolving cybersecurity and compliance requirements.
“CyberNINES has proven to be the leader in CMMC expertise and was critical in our company achieving Level 2 certification. CyberNINES combining with ControlCase will deliver exactly the kind of expertise and global scale companies like ours need to meet CMMC requirements and stay competitive in the federal marketplace,” said Dave Bullis, IT Cybersecurity Compliance Manager at Weston Solutions, Inc.
The acquisition brings together CyberNINES’ deep expertise in CMMC with ControlCase’s global scale, certification capabilities, and extensive experience delivering compliance programs across numerous regulatory frameworks, including CMMC, FedRAMP, and more than 100 others. The combined company is now the leading global provider of federal compliance services.
Together, the organizations will support companies across the Defense Industrial Base as they prepare for CMMC Third-Party Assessment Organization (C3PAO) Level 2 Assessments, protect Controlled Unclassified Information (CUI), and maintain strong cybersecurity and compliance programs.
The combined organization is equipped to support the full lifecycle of federal cybersecurity compliance for Organizations Seeking Certification (OSCs), including C3PAO-led certification assessments and mock assessments, readiness and advisory services, including gap analysis, and continuous compliance and risk management programs, all delivered with strict separation between assessment and consulting services. This coordinated approach helps OSCs strengthen cybersecurity maturity, reduce compliance risk, and maintain eligibility for critical government contracts.
“As cybersecurity expectations intensify across the Defense Industrial Base, organizations need a partner with the expertise, scale, and credibility to deliver across the full compliance lifecycle,” said Mike Jenner, Chief Executive Officer of ControlCase. “Together, ControlCase and CyberNINES are better and stronger – combining CMMC expertise with a full suite of compliance solutions, and global reach to help organizations achieve certification, maintain compliance, and protect critical information.”
CyberNINES has built a strong reputation within the federal cybersecurity community for helping contractors strengthen cybersecurity posture and navigate evolving CMMC requirements.
“Organizations across the Defense Industrial Base face rapidly increasing cybersecurity demands and need to demonstrate measurable maturity,” said Scott Singer, Chief Executive Officer of CyberNINES and Chair of the CyberAB’s C3PAO Advisory Council. “By joining forces with ControlCase, we are bringing together highly complementary strengths to deliver end-to-end support across the entire compliance lifecycle, from readiness through certification and most importantly, to continue protecting those who protect us.”
Scott Singer, serving as ControlCase’s Federal President, will lead the global expansion of the Federal Division, leveraging his deep expertise in the Defense Industrial Base and CMMC ecosystem to guide the integrated team and enhance compliance outcomes across the federal supply chain.
The combined organization’s expertise is exemplified and supported by hundreds of cybersecurity professionals and consultants, more than 25 years of federal cybersecurity and compliance experience, thousands of assessments completed, hundreds of federally focused readiness engagements delivered across the Defense Industrial Base, and over one thousand ecosystem partners across technology, consulting, and managed services.
Together, ControlCase and CyberNINES address global compliance needs for any organization. This resulting powerhouse strengthens cybersecurity maturity, meets compliance objectives, reduces supply chain risk, protects sensitive information, and maintains eligibility for critical government contracts.
About ControlCase
ControlCase is the leading global provider of certification, cybersecurity, and continuous compliance services. ControlCase is committed to empowering organizations to develop and deploy strategic information security and compliance programs that are simplified, cost-effective, and comprehensive in both on-premise and cloud environments. As a Certified Assessor, 3PAO, C3PAO, and RPO, ControlCase offers certifications and a broad spectrum of cybersecurity services that meet the needs of companies required to certify to CMMC, FedRAMP, StateRAMP, NIST, ISO, SOC 2, PCI, HIPAA, HITRUST, GDPR, and over 100 other IT Compliance frameworks.
About CyberNINES
CyberNINES is an authorized C3PAO, providing Compliance Without Complexity® delivering expert assessments, remediation, and full journey consulting to businesses nationwide. CyberNINES is focused on those supporting the U.S. Department of War. The company provides CMMC Level 2 Assessments, advisory services, readiness preparation, and practical expertise designed to help organizations strengthen cybersecurity programs and navigate complex federal compliance requirements.
“Together, ControlCase and CyberNINES are better and stronger – combining CMMC expertise with a full suite of compliance solutions and global reach to help organizations achieve certification, maintain compliance, and protect critical information,” said Mike Jenner, CEO, ControlCase.